I have just installed Sophos Anti Virus - what a mistake!

I decided to install it because I have been a long term user of Sophos at work on the corporate PC and having installed the latest OSX I saw virus checkers in the App Store and a recommendation for Sophos there in a reference for another product.

I ran a scan and a couple of PC specific malware files were found and destroyed.

Then I noticed that my Time Machine back up was struggling.

It turns out that there are issues with Sophos and Time Machine.

I moved my Time Machine back ups to a DroboFS in December. I have now lost all my back ups since then.

Once I have backed up again I will be deinstalling it - bet I find that I lose the new back up then!

:mad:

Ouch that sounds bad but good thing I don't use Time Machine. I'm thinking of downloading/installing this on my MBA! Reviews on the net (e.g. CNET) make it sound quite good.

I've been running Sophos for 3 months, with Time Machine via firewire, etc. No issues with either.

2.8ghz i7/16gb
 
Trojans prompt for password in OSX Admin accounts.

Good to hear that's still in place.

This type of insulation from trojans is limited in Windows Vista/7 as many client side applications that receive remote input, such as some online games and AV software, require superuser privileges to function. Trojans that use an application with elevated privileges as a vector to install do not require authentication at installation.

Not if you have UAC set correctly, although unfortunately it was weakened by default in 7, because of whining.

This is due to Mac OS X having a low incidence of privilege escalation exploits which negates security through obscurity arguments.

That's not true. Actually last year Apple overtook Oracle for the most security vulnerabilities. It just isn't worth as much to develop for.
 
Not if you have UAC set correctly, although unfortunately it was weakened by default in 7, because of whining.

Even at that level it's a real PITA. Seriously, not only does it pop up way too often, but it slows down installations. Some older computers and netbooks just freeze for several minutes after trying to open large installers, while UAC is analyzing or something.
 
Even at that level it's a real PITA. Seriously, not only does it pop up way too often, but it slows down installations. Some older computers and netbooks just freeze for several minutes after trying to open large installers, while UAC is analyzing or something.

Regarding the first point, that's not true at all. There's no reason you should be seeing it in normal use on a day to day basis. It's the same as in OS X. Regarding the latter...I haven't had that happen, but I did see on GOG.com they mentioned that it can take a while with large installers on some systems with that on.
 
Not if you have UAC set correctly, although unfortunately it was weakened by default in 7, because of whining.

Explain how to set UAC up correctly to eliminate that issue with online games?

"Run as Administrator" sets the application to run with Superuser privileges. Turning UAC off sets the Admin account to run as Superuser without authentication so same security as XP.

That's not true. Actually last year Apple overtook Oracle for the most security vulnerabilities. It just isn't worth as much to develop for.

Because the cumulative vulnerabilities of third party software such as Flash, Java, etc. included by default in Mac OS X inflate the count for Apple. Vulnerabilities are attributed to the vendor if included by default. Most of these third party components have worse security in Windows.

What type of vulnerabilities? Most vulnerabilities for any OS are not privilege escalation. Privilege escalation is rare for OSX.

Were they exploitable? Not all vulnerabilities are exploitable (~25%).
 
Explain how to set UAC up correctly to eliminate that issue with online games?

There's nothing to set up. You should increase the setting to maximum when you first install Windows 7, but other than that it has nothing to do with playing games online.

Because the cumulative vulnerabilities of third party software such as Flash, Java, etc. included by default in Mac OS X inflate the count for Apple. Vulnerabilities are attributed to the vendor if included by default. Most of these third party components have worse security in Windows.

Flash, Adobe, Java, etc. all have virtually identical issues under all three OSes. It's rare you see something that only affects one, unless it's a significantly different program.
 
There's nothing to set up. You should increase the setting to maximum when you first install Windows 7, but other than that it has nothing to do with playing games online.

You should have a unique identifier (password) attached to the authentication mechanism (UAC in Windows). So, Windows users should run as standard users. But, using a standard account in Windows causes issues with some software, such as some online games, that require admin accounts (or "run as administrator"; superuser) to function. Many online games on Windows 7 still require running as Administrator (superuser privileges) to function. This requires setting the "Properties" to allow "run as Administrator" or turning off UAC. This is risky as the games connect to remote servers and download content. Trojans are installed without authentication if accessed with superuser privileges. This example, using online games, shows the problem with how software is being written for Windows. This problem led to DLL hijacking exploits. You definitely need good antivirus software in Windows to more safely play games that require Administrator privileges.

The issue with online games found in Windows is not problematic on Mac OS X given that software for Mac is written following the guidelines of the principle of least privilege more so than Windows software. For example, I have played online FPS games on my Mac with standard account privileges that require "run as Administrator" (superuser privileges) on Windows systems. Mac OS X is much better insulated from malware.

Flash, Adobe, Java, etc. all have virtually identical issues under all three OSes. It's rare you see something that only affects one, unless it's a significantly different program.

Vulnerabilities in those components in Mac OS X are attributed as OS X vulnerabilities because OS X includes them by default so this artificially inflates the number of vulnerabilities in OS X when looking at vulnerability comparisons. These components have worse security in Windows. How these vulnerabilities manifest in Windows is through Internet Explorer.

Internet Explorer is worse because these components often have no security mitigations in Windows and disable the security of IE while these components only have lessened security mitigation in OS X. This problem with third party software in Windows is shown in this article.

That article also makes it apparent that Windows does not have full ASLR given that a lot of software has DLLs that are not randomized. Mac OS X is criticized for not having full ASLR because the dyld is not randomized, but dyld is a directory of dylibs which are the Mac equivalent of DLLs. Luckily the DLL hijacking issue in Windows is not a problem for Mac OS X.

Privilege escalation is required for virus install but browser exploits only allow for arbitrary code execution with user level privileges. Arbitrary code execution allows the attacker to take control over the vulnerable process with the level of privileges of the process, which is usually that of the user (Safari has the current user's level of privileges). Privilege escalation is possible if a component (kernel or DLL) of the OS with elevated privileges is accessible by the compromised process, but only if that component also has a vulnerability that is exploitable. Therefore, both the arbitrary code execution exploit and the privilege escalation exploit have to be linked together in a logical manner. This is the difficult part: finding a string of exploits. Given that such local exploits are rare for Mac OS X (only 4 in the last 3 years and only 3 were in default components), the statistical odds of finding a working string of exploits for Mac OS X are not trivial; especially when compared to the potential to find such strings in Windows, as shown by this article and this article.

Viruses, worms, and trojans that can be installed without authentication require privilege escalation. This is why malware on Mac is limited to trojans that require authentication.
 
sophostry

I have just installed Sophos Anti Virus - what a mistake!

I decided to install it because I have been a long term user of Sophos at work on the corporate PC and having installed the latest OSX I saw virus checkers in the App Store and a recommendation for Sophos there in a reference for another product.

I ran a scan and a couple of PC specific malware files were found and destroyed.

Then I noticed that my Time Machine back up was struggling.

It turns out that there are issues with Sophos and Time Machine.

I moved my Time Machine back ups to a DroboFS in December. I have now lost all my back ups since then.

Once I have backed up again I will be deinstalling it - bet I find that I lose the new back up then!

:mad:

My wife is a University employee and Sophos is one of the IT folks' recommended software programs. It seems to work fine on my 2GHz MBP Core (1) Duo and on the Mini without upsetting Time Machine. My 867MHz 12" PB is slow running Leopard, barely functional if Sophos is added as well, so I do not use it on the 12". AV software may not be a necessity but, if it does not cause a problem, or slow things noticeably, I think it is a reasonable precaution. I'm not sure if "herd immunity" is an apt analogy, but I think if everyone tried to avoid passing on virus/trojan/malware/spam etc. it would be a good thing.
 
You should have a unique identifier (password) attached to authentication mechanism (UAC in Windows). So, Windows users should run as standard users. But, using a standard account in Windows causes issues with some software, such as some online games, that require admin accounts (or "run as administrator"; superuser) to function.

Maybe theoretically you should do that, but I don't know anyone that actually does on Windows or OS X. In both cases you aren't actually running with your full powers all the time, and get prompted to escalate if something needs admin access.

Many online games on Windows 7 still require running as Administrator (superuser privileges) to function. This requires setting the "Properties" to allow "run as Administrator" or turning off UAC. This is risky as the games connect to remote servers and download content. Trojans are installed without authentication if accessed with superuser privileges. This example, using online games, shows the problem with how software is being written for Windows.

Commercial software shouldn't be installing malware...I mean tons of it now has all kinds of DRM that is arguably malware, but...

While I'd rather run something without giving it full access to the system, ultimately you're trusting the publisher either way.

The issue with online games found in Windows is not problematic on Mac OS X given that software for Mac is written following the guidelines of the principle of least privilege more so than Windows software.

Be that as it may, that's not a problem with the OS. If games are prompting for admin access though, my guess is it's because they're installing DRM, which on either OS is going to demand mucking about in the system.

I'm opposed to most forms of DRM for a variety of reasons (and also opposed to thieves), but this has nothing to do with Windows.

Mac OS X is much better insulated from malware.

Why?

Vulnerabilities in those components in Mac OS X are attributed as OS X vulnerabilities because OS X includes them by default so this artificially inflates the number of vulnerabilities in OS X when looking at vulnerability comparisons.

I really doubt they double count things like that, given they're counted separately. I suppose there might be some validity to it if they did.

These components have worse security in Windows. How these vulnerabilities manifest in Windows is through Internet Explorer.

Internet Explorer is worse because these components often have no security mitigations in Windows and disable the security of IE while these components only have lessened security mitigation in OS X.

I'm not seeing why you're saying there's any difference. I don't use IE or Safari as my primary browser, though there may be some validity to including one or the other in the list of OS issues, but at any rate neither yet sandboxes plug-ins to my knowledge.

That article also makes it apparent that Windows does not have full ASLR given that a lot of software has DLLs that are not randomized.

There's a flag that can be set for that, but I'm not sure where you're getting it from that article. Regardless 'some' is better than 'none'.

Viruses, worms, and trojans that can be installed without authentication require privilege escalation. This is why malware on Mac is limited to trojans that require authentication.

Which is different from Windows how?

Like it or not, it's much more cost effective to develop malware for Windows than for both platforms. That doesn't mean OS X is any more secure. Both OSes are modern, don't really have you running as admin all the time, etc.
 
Maybe theoretically you should do that, but I don't know anyone that actually does on Windows or OS X. In both cases you aren't actually running with your full powers all the time, and get prompted to escalate if something needs admin access.

The default account created in Mac OS X has password authentication. Your password is the unique identifier. Most people use the default account created by the OS for day to day computing.

Commercial software shouldn't be installing malware...I mean tons of it now has all kinds of DRM that is arguably malware, but...
While I'd rather run something without giving it full access to the system, ultimately you're trusting the publisher either way.

When the software is running with superuser privilege and connects to servers that can be controlled by anybody such as in many online games for Windows, the content downloaded from the server can be written anywhere in your system. This allows keyloggers, backdoors, and malware rootkits to be installed.


Why!.

I really doubt they double count things like that, given they're counted separately. I suppose there might be some validity to it if they did.

They count the number of items in each vendor's security releases. Mac OS X includes Flash, Java, etc. by default, so vulnerabilities in those are counted for Mac OS X because they are included in Apple security releases. Often these items constitute the majority of vulnerabilities in the security release. It is only valid if Windows users don't install Flash, Java, various ActiveX components, codecs, etc, etc, etc...

I'm not seeing why you're saying there's any difference. I don't use IE or Safari as my primary browser, though there may be some validity to including one or the other in the list of OS issues, but at any rate neither yet sandboxes plug-ins to my knowledge.
There's a flag that can be set for that, but I'm not sure where you're getting it from that article. Regardless 'some' is better than 'none'.

Except for Chrome, which is sandboxed, all browsers are susceptible to the security problems of the underlying OS, but these issues arise in more than just the browser. An example of how they are different is that Java has no security mitigations (DEP or ASLR) in Windows (as shown in the article) but Java has hardware based DEP and partial ASLR in Mac OS X as Java is 64 bit in OS X. Also, Mac OS X randomizes memory space into 4 byte chunks making it more difficult to defeat ASLR while Windows uses 64 byte chunks. Like you said, some is better than none.

Security mitigations, such as DEP and ASLR, can be optionally set in Windows OSes for various reasons such as support for legacy software. A lot of software for Windows comes with weak security by default and will break if the user tries to modify its settings. In Mac OS X, apps have a standard level of security mitigations dependent on the type of process (32 or 64 bit) that are set at that standard level when the app is compiled and not modifiable as in Windows (Opt-in, Opt-out, etc).

Which is different from Windows how?

Because Windows has a history of malware that achieves privilege escalation and Mac OS X does not? Check out these from late November 2010:

Security hole in Windows kernel allows UAC bypass
Nightmare kernel bug lets attackers evade Windows UAC security
UAC bypass exploit for Metasploit

That doesn't mean OS X is any more secure. Both OSes are modern, don't really have you running as admin all the time, etc.

Really?
 
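The back-and-forth above about DLLs that are "not randomized", the flag that "can be set for that", and mitigations being opt-in per binary all come down to a couple of header bits that the linker writes at build time: on Windows the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) bits in the PE optional header (set by the linker's /DYNAMICBASE and /NXCOMPAT switches), and on Mac OS X the MH_PIE bit in the Mach-O header (Apple's ld -pie / -no_pie). The script below is an added example, not code from anyone in this thread: it reads those bits straight out of an executable's header so you can audit a game's install directory or /Applications without loading anything. The sample headers in SAMPLES are constructed in the script (minimal PE and Mach-O headers, not real binaries), and the flag constants are the documented values from the PE and Mach-O formats.

```python
"""Report per-binary opt-in memory-safety mitigations from executable headers.

Windows records ASLR/DEP participation as flags in the PE optional header
(DllCharacteristics); Mach-O records PIE in the header flags. Both are set at
link time, so a header read tells you whether a DLL or app is actually
randomized without loading it. Sample inputs below are constructed headers.
"""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (PE optional header, offset 70)
PE_HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR may use the full address range
PE_DYNAMIC_BASE = 0x0040      # image may be relocated at load: ASLR opt-in
PE_NX_COMPAT = 0x0100         # image is DEP/NX compatible
PE_GUARD_CF = 0x4000          # Control Flow Guard instrumented

# Mach-O header magic values and flags
MH_MAGIC = 0xFEEDFACE
MH_MAGIC_64 = 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE        # big-endian universal wrapper; not parsed here
MH_PIE = 0x00200000           # position-independent executable: ASLR for the main image
MH_NO_HEAP_EXECUTION = 0x01000000


def pe_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of a PE image, validating the path to it."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt_hdr = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts
    return struct.unpack_from("<H", data, opt_hdr + 70)[0]


def pe_mitigations(data: bytes) -> dict:
    flags = pe_dll_characteristics(data)
    return {
        "aslr": bool(flags & PE_DYNAMIC_BASE),
        "high_entropy_aslr": bool(flags & PE_HIGH_ENTROPY_VA),
        "dep": bool(flags & PE_NX_COMPAT),
        "cfg": bool(flags & PE_GUARD_CF),
    }


def macho_header_flags(data: bytes) -> int:
    """Return the flags word of a thin Mach-O header (either endianness)."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return struct.unpack_from(endian + "I", data, 24)[0]  # flags follow six 4-byte fields
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        raise ValueError("universal (fat) binary: pass a single-architecture slice")
    raise ValueError("not a Mach-O image")


def macho_mitigations(data: bytes) -> dict:
    flags = macho_header_flags(data)
    return {"pie": bool(flags & MH_PIE), "no_heap_exec": bool(flags & MH_NO_HEAP_EXECUTION)}


def describe(data: bytes) -> dict:
    """Dispatch on the file's magic; raises ValueError for anything unrecognised."""
    if data[:2] == b"MZ":
        return {"format": "PE", **pe_mitigations(data)}
    return {"format": "Mach-O", **macho_mitigations(data)}


def _fake_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header: just enough bytes to reach DllCharacteristics."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C  # AMD64 / i386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x2102)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


def _fake_macho(flags: int, bits64: bool = True) -> bytes:
    """Constructed minimal Mach-O header for an x86 (little-endian) executable."""
    magic = MH_MAGIC_64 if bits64 else MH_MAGIC
    cputype = 0x01000007 if bits64 else 7  # CPU_TYPE_X86_64 / CPU_TYPE_I386
    hdr = struct.pack("<IIIIIII", magic, cputype, 3, 2, 0, 0, flags)  # filetype 2 = MH_EXECUTE
    return hdr + (b"\0" * 4 if bits64 else b"")  # 64-bit header carries a reserved word


SAMPLES = {  # constructed headers, not real binaries
    "legacy_game.exe (no opt-in)": _fake_pe(0),
    "modern64.dll (ASLR+DEP+HEVA)": _fake_pe(PE_DYNAMIC_BASE | PE_NX_COMPAT | PE_HIGH_ENTROPY_VA, True),
    "app_x86_64 (PIE)": _fake_macho(MH_PIE | MH_NO_HEAP_EXECUTION),
    "app_i386 (non-PIE)": _fake_macho(0, bits64=False),
}


def scan_samples() -> dict:
    return {name: describe(blob) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    # With file arguments, audit real binaries (headers live in the first 64 KiB);
    # without, run over the constructed samples.
    targets = {p: open(p, "rb").read(0x10000) for p in sys.argv[1:]} or SAMPLES
    for name, blob in targets.items():
        try:
            print(name, describe(blob))
        except ValueError as err:
            print(name, "skipped:", err)
```

Run it as `python3 mitigations.py "C:\Games\*\*.dll"` (after shell expansion) or over a `.app/Contents/MacOS/` directory; a PE that reports `aslr: False` is exactly the kind of non-randomized module the quoted article is complaining about, and a Mach-O without `pie` is the OS X counterpart. Universal binaries need their thin slices extracted first (`lipo -thin`), which the script flags rather than silently misreading.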



The big deal is that I do not want buggy, resource stealing software on my Mac. Simple as that.

Do you run iTunes or QuickTime? Or possibly a web browser?
 
Sophos has quite a low detection rate in comparison to some others in my experience, but it's a solid AV, and one can't fault what's free.
 
When my Mac gets a virus I'll be shocked; I'll buy it when I do. (Not that I'll know when I have one anyway.)

While typing this, one of those 20 year animal adoption commercials came on; they make me want to punch the puppy more than help it. Gosh, they can't just make a short, to-the-point video; no, they have to get in your face about it! :mad:

Hey now, no punching poor homeless abused pets, especially poor sweet puppies and dogs!! I own a sweet Doberman that I adopted from PAWS Chicago who was used for dog fighting and now he has a home where he is loved on a daily basis. That's the only way poor abused animals have a chance: making commercials showing the fact that they need people's help, and maybe someone will even adopt one or a few... that would be great as long as the animal got into a good home!
 
it's a nice gesture, but anti-virus software on osx is about as useful as tits on a boar.
 
It IS a nice gesture... I had to uninstall it as it doesn't seem to play nice w/ Cyberduck (app simply won't open w/ Sophos installed)... haven't run into chatter about that issue, so maybe something unique to me [shrug]
 