One more reason to run AV software on a mac

If mac users don't use av software, there's little motivation for anyone to supply it. If NO ONE is working on av software, then in the eventuality that we do need it, we're all starting from scratch. That's just never a good place to be if you can with minimal effort prevent it.

It's kind of like getting your flu shot in a year when the flu isn't supposed to be particularly bad. I seldom get the flu, but I go ahead and get the shot every year anyway because if no one does, there's little motivation for pharma companies to develop future flu shots. Which means in the really bad flu years, there's a shortage because only one company is making the shot.
 
If mac users don't use av software, there's little motivation for anyone to supply it. If NO ONE is working on av software, then in the eventuality that we do need it, we're all starting from scratch. That's just never a good place to be if you can with minimal effort prevent it.

It's kind of like getting your flu shot in a year when the flu isn't supposed to be particularly bad. I seldom get the flu, but I go ahead and get the shot every year anyway because if no one does, there's little motivation for pharma companies to develop future flu shots. Which means in the really bad flu years, there's a shortage because only one company is making the shot.
There is simply no correlation between humans and flu and Macs and malware. They don't relate at all. Anti-virus is not necessary for protection for Macs against malware at this time. If you read this, you'll understand why: Mac Virus/Malware Info
 
If mac users don't use av software, there's little motivation for anyone to supply it. If NO ONE is working on av software, then in the eventuality that we do need it, we're all starting from scratch. That's just never a good place to be if you can with minimal effort prevent it.

It's kind of like getting your flu shot in a year when the flu isn't supposed to be particularly bad. I seldom get the flu, but I go ahead and get the shot every year anyway because if no one does, there's little motivation for pharma companies to develop future flu shots. Which means in the really bad flu years, there's a shortage because only one company is making the shot.

Flu vaccines are very much like AV software for Mac. They both rely on fear, uncertainty, and doubt. H1N1 killed fewer people per year than the more typical strain of flu but the marketing hype made big business a lot of money.
 
Does this mean I shouldn't bother installing Sophos for my mbp?
So many conflicting opinions.
 
Does this mean I shouldn't bother installing Sophos for my mbp?
So many conflicting opinions.

Some think, including myself, that AV software at this point in time does not provide very much extra protection so using AV software is just a waste of system resources.

But, I use ClamXav anyway given that it uses very few CPU cycles. ClamXav does fail to release RAM after a scan but should give up those resources if needed by another process. ClamXav only chronically uses these resources if you set up the Sentry. If the Sentry is not used, then it only uses resources during an on-demand scan. On-demand scans can be set to run automatically at a specific time via the ClamXav UI that adds the scan settings to cron. ClamXav gives you more options related to how it will take up resources. Other AV software for Mac, such as Sophos, includes full on-access scanning that doesn't give you a choice in how resources are used by the AV software.

I use AV software to prevent accidentally spreading Windows malware to Windows users. There are trojans for Mac OS X but these can be easily avoided by not password authenticating install prompts that you have not explicitly initiated (double clicked), not installing pirated software, and not installing free software from untrusted sources. Also, Mac OS X, as of Snow Leopard, includes a basic AV scanner that detects these trojans when you attempt to install the malware.

Do not run AV software if you do not want to give up resources to most likely only prevent the accidental spread of Windows malware, such as by forwarding an infected email. Or, run AV software most likely for little benefit to yourself. Additionally, ClamXav does include new definitions for Mac malware a fair bit of time prior to those definitions being included in XProtect (the AV scanner in Snow Leopard). Also, XProtect can not be used for an on-demand scan to check for malware after it may have been installed, so AV software may give you peace of mind if you do not feel comfortable not having AV software on your system.
 
I recommend Sophos AV for Mac/Linux/Windows servers and desktops

I have used Sophos Endpoint Security Small Business Edition in various forms in small businesses since Fall 2005. There have been a few false positives early on, and a higher rate of requests to send samples of suspicious code to Sophos Labs, compared with Symantec's corporate software offerings.

The difference between the free home edition and the corporate Mac client seems to be the stripping away of the remote management interface and the ability to receive local AV updates. The executables are almost exactly the same size.

For those who insist that Mac OS X needs no AV protection, I politely disagree. May I call you the Mary Mallon camp? Who was Mary Mallon? She was an Irish immigrant to the US at the turn of the last century. She was a cook. Today we know her as "Typhoid Mary". Approximately 30 people died as a direct result of the Typhus virus she carried, but was apparently immune to.

Martin Luther King said that "None of us are free unless all of us are free." Taken to a new context, computer security, "None of us are secure unless all of us are secure." Yes, Macs may be largely immune in today's threat environment. But threats change. But we all communicate with the Windows world. Please consider taking one for the team and getting some sort of AV. This is one excellent option. It runs on Mac OS X and Mac OS X Server just fine.

So which are you? Mary Mallon or Typhoid Mary? I am sure that it seemed very unfair to Mary Mallon that she should be quarantined when she showed no symptoms. Which is the greater good?

Incidentally, Sophos for the Mac is also an excellent tool for fighting viruses on Windows PCs and Servers. Using Snow Leopard's undocumented (and not ready for prime time) NTFS read/write mount capability (e.g. NTFSMounter) one can scan for viruses on an NTFS volume and remove them. (One cannot remove rootkits completely or scan the Windows registry. This is only a first step.) This can be a valuable first step in removing viruses and other malware from an infected PC or Server. (The next step is to scan from a virtual PC and dispose of that PC and replace with a fresh backup to guarantee no infection during the scan. Finally one uses tools on the running PC itself.)
 
For those who insist that Mac OS X needs no AV protection, I politely disagree .... Today we know her as "Typhoid Mary". Approximately 30 people died as a direct result of the Typhus virus she carried, but was apparently immune to.
Poor analogy. Mary was a source of the virus. Macs are not the source of Windows viruses. No Mac can have a file containing a Windows virus, unless it first receives that file from a Windows computer. Windows, not Mac, is the source for Windows viruses.
Yes, Macs may be largely immune in today's threat environment.
Macs are not immune. They are not affected in any way by Windows malware, but they are not immune to threats. The only malware threats in the wild that can affect current Mac OS X are those which can be avoided by prudent action on the part of the user.
But threats change.
Yes, they do change. If the situation changes and a virus is introduced in the wild that affects Mac OS X, it will make news headlines and anyone paying attention will be alerted. Until that time, no AV software can detect a threat that does not yet exist.
But we all communicate with the Windows world.
Not every Mac user shares files with Windows users. You can communicate with Windows users without sharing files that could pose a threat.
Please consider taking one for the team and getting some sort of AV.
Interesting you should choose that phrase:
1. take one for the team
The act of someone willingly making a sacrifice for the benefit of others.
The only ones who would benefit by Mac users making the sacrifice of system performance in running AV software are Windows users who don't run AV software. Even then, it would only protect them from infected files you might send them. It would not protect them from files sent from other computers, websites, emails, IMs, etc., which pose a far greater threat than any Mac.

If Windows users are properly protected, they have no need for Mac users to run AV, since they're protected from threats, no matter where they come from. If you want to do this, that's your choice, but I have no desire to take steps to try to protect any Windows users who don't care enough to protect themselves.
 
I decided to give it a try and all it ever finds are little things that only can affect Windows :rolleyes:
 
AV Vendors Can't win !

I decided to give it a try and all it ever finds are little things that only can affect Windows :rolleyes:

Would you be happier if Sophos or any other OSX AV solution found lots of Viruses on your system? It is not about clearing your system of OSX malware; at the time of writing this there is little to zero by way of Viruses etc. out there for OSX. As the platform gains more and more market share, this is likely to change. Better to be as prepared as possible. After all you don't go out on a Saturday night, meet a girl, take her home, put on a condom to stop you getting a Virus you already have, it is there as a prophylactic, to PREVENT you getting a Virus or other nasty ailment.

As for the "Only" little things that it finds being Windows based Malware, if you use a machine on a professional basis, with both Windows and OSX machines, it makes sense to use AV to stop you inadvertently passing on nasty things to your Windows based Colleagues, where you don't even know you are doing it.
 
As an IT Manager...

I use Sophos. And it is awesome, easy to use, and would recommend it to everyone, including their pure message mail sanitizing program. Best on the Market, especially when used with a Barracuda Firewall.

Now My VPN policy for ALL users, is when they sign on to the VPN they have a host check that verifies

1. Anti Virus Software is installed

2. The Machine signing in has been scanned for viruses within the last 3 days prior to sign in.

3. The AV software is updated with the latest updates.

If all 3 pass, (plus their RSA Key and their Digital Certificate) then they can sign in,

If not, they go to download it.

This is just common sense in my opinion, and good practice for those of us that are short staffed and need to protect our network resources.
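
The three host checks listed in the post above, as an added example (not the poster's actual VPN configuration): a fail-closed evaluator over a posture record reported by the connecting machine. The report field names, the 24-hour definition-age limit, the clock-skew allowance and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_SCAN_AGE = timedelta(days=3)    # from the post: scanned within the last 3 days
MAX_DEFS_AGE = timedelta(hours=24)  # assumption: what "latest updates" means here
CLOCK_SKEW = timedelta(minutes=5)   # assumption: tolerated client clock drift

# Constructed sample data (not real logs).
NOW = datetime(2011, 3, 10, 12, 0, tzinfo=timezone.utc)
COMPLIANT = {"av_installed": True,
             "last_full_scan": "2011-03-08T09:00:00+00:00",
             "definitions_updated": "2011-03-10T06:00:00+00:00"}
STALE_SCAN = dict(COMPLIANT, last_full_scan="2011-03-05T09:00:00+00:00")


def _parse_utc(value):
    """Return an aware UTC datetime, or None if missing or malformed."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value)
    except ValueError:
        return None
    if ts.tzinfo is None:  # naive timestamps are ambiguous: fail closed
        return None
    return ts.astimezone(timezone.utc)


def _check_age(report, field, max_age, now, label):
    ts = _parse_utc(report.get(field))
    if ts is None:
        return f"{label}: timestamp missing or malformed"
    if ts > now + CLOCK_SKEW:  # a future date cannot be a completed scan/update
        return f"{label}: timestamp is in the future"
    if now - ts > max_age:
        return f"{label}: older than {max_age}"
    return None


def evaluate_posture(report, now):
    """Return the list of failed checks; an empty list means the host passes."""
    if report.get("av_installed") is not True:
        return ["antivirus: not installed"]  # other checks are moot without AV
    failures = []
    for field, max_age, label in (
        ("last_full_scan", MAX_SCAN_AGE, "last scan"),
        ("definitions_updated", MAX_DEFS_AGE, "definitions"),
    ):
        reason = _check_age(report, field, max_age, now, label)
        if reason:
            failures.append(reason)
    return failures


def admit(report, token_ok, cert_ok, now):
    """Credentials gate access; a failed host check sends the user to remediation."""
    if not (token_ok and cert_ok):
        return "deny"
    return "remediate" if evaluate_posture(report, now) else "allow"


if __name__ == "__main__":
    for name, rec in (("compliant", COMPLIANT), ("stale scan", STALE_SCAN)):
        print(name, admit(rec, True, True, NOW), evaluate_posture(rec, NOW))
```

The record is self-reported by the client, so a check like this raises the baseline for managed machines rather than proving the endpoint is clean.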
 
I don't use AV software on my Windows computers nor will I use it on my Macs.
And believe it or not, I have not had an infection in all the years (many) that I have been on the net.
 
With full respect for your decisions, if you'll pardon me, I think that's a little bit crackers. :D

How do you know if your machine isn't part of a botnet? Have you eschewed only AV and simply subsist on your router f/wall and software firewall? Only run as user not admin? None of the above? Something else?
 
I used to think you didn't REALLY need it if you didn't do anything stupid, but then I had it catch something in a banner ad a couple of times, so...now I think it's just better to be safe than sorry.

I think those two attacks are the only times I've been attacked, although I've heard of more recent things like that too.
 
With full respect for your decisions, if you'll pardon me, I think that's a little bit crackers. :D

How do you know if your machine isn't part of a botnet? Have you eschewed only AV and simply subsist on your router f/wall and software firewall? Only run as user not admin? None of the above? Something else?

I have a bunch of Windows and Mac computers in my house. Everything is backed up onto every computer. If I should ever get a virus, I would just go to another computer. The infected computer would be reformatted later without a worry about losing anything.

I would know immediately if ever infected by a botnet.
 
I have just installed Sophos Anti Virus - what a mistake!

I decided to install it because I have been a long term user of Sophos at work on the corporate PC and having installed the latest OSX I saw virus checkers in the App Store and a recommendation for Sophos there in a reference for another product.

I ran a scan and a couple of PC specific malware files were found and destroyed.

Then I noticed that my Time Machine back up was struggling.

It turns out that there are issues with Sophos and Time Machine.

I moved my Time Machine back ups to a DroboFS in December; I have now lost all my back ups since then.

Once I have backed up again I will be deinstalling it - bet I find that I lose the new back up then!

:mad:
 
Ouch that sounds bad but good thing I don't use Time Machine. I'm thinking of downloading/installing this on my MBA! Reviews on the net (e.g. CNET) make it sound quite good.
 
There is no reason to put anti-virus software on your Mac!

It will not protect you from anything that is out there.

Sophos may be a reputable company or it may not be but you do not need this and it can only harm your system and promote a business that feeds on fear.

We (the Mac community) should not let the security industry get a toe hold in OSX.
This is quite ignorant on a number of levels:

1. Trojans do exist for OSX, although unless you're logged in as admin (and who routinely operates their Mac like that? :rolleyes:) the request to install should alert you to something wrong.

2. Security through obscurity is no security at all, especially as OSX and iOS become more mainstream.

3. If you send files to friends, relations, or business colleagues with a less fortunate computing experience it would be playing nice not to pass on nasties to them.

Even Apple seems to think so, or is ClamXav no longer installed by default on OSX (server)?
 
Talk to GGJStudios about point #3. He will rip your head off and call you unprofessional :D
 
This is quite ignorant on a number of levels:
It's not ignorant at all.
1. Trojans do exist for OSX,
Yes, a handful do, and they can be easily avoided with a reasonable dose of common sense.
although unless you're logged in as admin (and who routinely operates their Mac like that?
I do, as do many others. There is no problem running on an admin account, if you're even moderately aware of what you're doing.
the request to install should alert you to something wrong.
Exactly. See "common sense" remark above.
2. Security through obscurity is no security at all, especially as OSX and iOS become more mainstream.
The market share myth is ridiculous and has no basis in fact. The fact is, OSX has a larger market than ever before, growing by over a million Macs every month, and the number of malware threats is at an all-time low, the number of viruses is now zero.
3. If you send files to friends, relations, or business colleagues with a less fortunate computing experience it would be playing nice not to pass on nasties to them.
If they use even a tiny amount of the above-mentioned common sense, they already have anti-virus running on their computers. If not, they have a much larger exposure to malware from other sources than they do from a Mac user sending them a file. If someone stands in the middle of the freeway, my choosing to drive on a different road to avoid hitting them does nothing to ensure they're protected.
Talk to GGJStudios about point #3. He will rip your head off and call you unprofessional :D
No, he won't. He will, however, respectfully point out the fallacy of that argument.
 
Caveats...

I've been running Sophos (the real version, 7.2.3, not this new free version) for years and years and years and never had problems with it, and yes I'm a Mac user, and yes it has detected files with problems. So the stick-your-head-in-the-sand approach advocated by some here seems silly.

1) I have no problems with my Time Machine backup at all, ever. However mine is a USB backup and not airport, and it isn't a Time Capsule. Perhaps those impact whether it works well or not. So just saying "It doesn't work with Time Machine" as some have stated here, is not accurate.

2) Someone way back in the thread mentioned that their appearance settings randomly reset. Interesting. I have been having this problem for months (appearance and trackpad settings randomly resetting to default) on my Macbook Pro. I've trashed prefs, and done all the other usual things one does when wacky things happen. Yet it still happens, seemingly randomly. I'll keep an eye open for whether Sophos is doing something when that happens. Perhaps that's the cause I've been looking for!
 
It's not ignorant at all.

Yes, a handful do, and they can be easily avoided with a reasonable dose of common sense.

That's true, but it's true of Windows too. If you're sensible, you probably won't get infected. But given these things have no real overhead, and there is a real risk, it's just sensible to use it.

There is no problem running on an admin account, if you're even moderately aware of what you're doing.

It still prompts if something's trying to use your admin/root privileges, right?

The market share myth is ridiculous and has no basis in fact.

Of course it does. A quick Google finds multiple Mac hackers saying that actually OS X is easier to hack. Market value of doing so or effort required to hit a much smaller target are the reasons cited for generally not bothering.

You already know Apple's software has exploits too, if you've ever run any Apple software and not disabled updates.

This is just the reality of the modern world - our computers are connected. Our software is insanely complex. Put the two together, and you end up with all sorts of issues being discovered.
 
1. Trojans do exist for OSX, although unless you're logged in as admin (and who routinely operates their Mac like that? :rolleyes:) the request to install should alert you to something wrong.

2. Security through obscurity is no security at all, especially as OSX and iOS become more mainstream.

That's true, but it's true of Windows too. If you're sensible, you probably won't get infected.

It still prompts if something's trying to use your admin/root privileges, right?

Trojans prompt for password in OSX Admin accounts. Leap-a could infect 10.4 systems without password prompt but was severely crippled if it was not installed with authentication; for example, it could not infect iChat to spread itself without password authentication at install. Also, it could only spread on PPC systems. Leap-a took advantage of 10.4's input manager system and the problems with input managers were eliminated in 10.5 + so that all input managers require password prompts and do not function with 64 bit processes.

This type of insulation from trojans does not exist in a Windows XP admin account as the user has superuser privileges without authentication. This type of insulation from trojans is limited in Windows Vista/7 as many client side applications that receive remote input, such as some online games and AV software, require superuser privileges to function. Trojans that use an application with elevated privileges as a vector to install do not require authentication at installation.

Also, viruses and worms by definition do not require authentication to install and Windows has a history of these types of exploits while Mac OS X as of yet has not had a virus or worm. This is due to Mac OS X having a low incidence of privilege escalation exploits which negates security through obscurity arguments.

Of course it does. A quick Google finds multiple Mac hackers saying that actually OS X is easier to hack. Market value of doing so or effort required to hit a much smaller target are the reasons cited for generally not bothering.

Those arguments rely on a comparison of the default setup of the web browser of each OS and are not relevant to how each OS is actually used for day to day use. The issues with those arguments have been summarized elsewhere in this forum.
 