Does a virus scanner do anything to your files when it's scanning them?
Does it leave a footprint?
Does it leave a footprint?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Virus Scan Question...
- Thread starter 18percentgray
- Start date
- Sort by reaction score
Just to correct you on this. The term "viruses" here is being used to describe malware. In that sense then yes OSX has viruses.
Examples of OSX "Viruses" are things like MacDefender. OSX has had multiple Trojans. That being said it is really not needed. Big time considering unless you are a major company there is no need since most Email providers out there scan and kill any viruses emailed..
if you want to get a virus scanner for a mac I would say go get one of the good free ones like avg. Hell Avg is what I use 7 year old XP desktop because I sure as hell am not going to pay for av software on a computer I use maybe once a month and generally for very limited thing.
No, virus scanners don't modify files or leave footprints, unless they detect malware. However, you don't need any antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:Does a virus scanner do anything to your files when it's scanning them?
Does it leave a footprint?
If you insist on running antivirus anyway, ClamXav is a good choice, since it doesn't run with elevated privileges and isn't as much of a resource hog as other alternatives.
Sure there is. You wouldn't want to pass on malware to others for example. Not everything is about your computer
Read the "What about sending files to Windows users?" section in the link I posted.Sure there is. You wouldn't want to pass on malware to others for example. Not everything is about your computer
Although I love potent analogies, I'm a bit skeptical that I should cough on anyone i like, as often as I like, as long as I encourage other people to take flu shots...
As I see it, passing malware to a client would be very bad, regardless of whether or not they're running antivirus of their own. If they do, and they see that I send them malware, then it's bad. If they don't, and they get infected by something I sent, then it's bad as well.
The only way you can send malware to a Windows PC is if you first receive it from another Windows PC. If you're routinely accepting files from random Windows users without knowing if they run AV, then you're passing those files to other Windows users without knowing if they have AV, you're engaging in high-risk activities in the first place. If you're creating files on your Mac and sending them to Windows users, there is zero chance of sending them infected files.
I simply don't accept files from people I don't know, and every Windows user I accept files from is running AV, as they should. Therefore, running AV on my Mac is completely pointless.
...because we all know that you can't get files containing malware for Windows from someone running Mac OS X. Or Linux. Or other safe systems. Right?
Right!
You can't create a file on Mac OS X or Linux that will infect a Windows computer. For a file to be infected with Windows malware, it must first come from a Windows computer, no matter how many times it's passed around. Again, if you aren't indiscriminately accepting files from untrusted sources and passing them along, there is nothing to worry about. If you're downloading pirated apps or accepting email attachments from just anyone, you shouldn't be passing such files to others in the first place.
While I do admire your dedication, I'm not sure a crusade against all forms of virus scanning on Mac OS X is the worthiest of causes...
A file capable of carrying malware is capable of that regardless of the sender's system. Tracing the lineage of a file capable of carrying malware through multiple senders, identifying the last Windows system it visited and being confident that the system in question was running functional antivirus software and that it was recently enough so that newer definitions won't make a difference is difficult. You may be a master of that art, but I'm not. From what I've seen, few people are.
People make mistakes, systems fail, IT departments screw up Only a few levels of supposedly trustworthy parties are required before it isn't feasible to be in complete control anymore. Where is the harm in scanning a file before passing it along?
My example about passing files to a client isn't about pirating stuff or forwarding random junk from strangers, but rather relaying requested or expected files from known sources. In your world that means that I can have complete faith in the files since the people involved are supposed to have antivirus installed, but real life is unfortunately more complex than that. All in all, scanning files capable of carrying malware before sending them to a client is less of a nuisance than what getting caught sending unscanned malware to the client would be.
No, antivirus isn't required on Mac OS X from a practical point of view (or even recommended), at least not at this point, but it can still be useful and fulfill a need.
Name one example where a file created on a Mac has ever infected a Windows system with malware.
No AV software has 100% detection rates so Windows users running AV still have the potential to get infected and pass infected files to Macs. These files will not infect Macs if the files don't contain a payload for Mac but Mac users can still inadvertently pass the files to Windows users. The files are more likely to be detected on a network using multiple OS platforms that are running AV software from various vendors given that different AV software have varying efficacy in detecting any given malware threat.
Also, cross platform malware downloaders, often based on Java, could sit on a Mac undetected waiting until the malware developer releases a payload for Mac to be able to cause infection. An example of a scenario similar to this occurring in the wild is the koobface variant, called boonana, that had a Mac payload.
This is not true. As a proof of concept, download Metasploit and use it to compile malware for other OSs from within OS X.
It is possible to create malware for any OS that will spread malware to other platforms as well.
How do you know those using Metasploit to create Windows malware in the wild aren't doing so on OS X and testing the malware via virtual machines for stability reasons?
Using an alternative OS and testing exploits via virtual machines is a common practice with penetration testers and malware developers.
I didn't say anything about creating software. I said you can't create a file (document, spreadsheet, PowerPoint, picture, movie, etc.) on a Mac that can infect a Windows computer. A Mac user, in the normal course of doing business without malicious intent, cannot create a file that can infect a Windows computer.
If a Windows user is running a decent antivirus app that's up to date, there is no Windows malware that you could detect with a Mac AV app that wouldn't also be detected with the Windows AV app. If someone wants to run AV on a Mac, that's their choice, but my point is that you do a Windows user a better service if you make sure they run their own AV, since there are many more sources of malware than simply accepting files from a Mac.
I'm not against someone running 3rd party antivirus on a Mac, if they choose to. I oppose the idea of depending on it as the only or primary line of defense. I also oppose the idea of Windows users depending on Mac users' AV as their only or primary line of defense.
Last edited:
This is not true. As a proof of concept, download Metasploit and use it to create a file in OS X that can infect a Windows computer.
Mac malware could contain code that functions in the same way as Metasploit to create or modify existing files on a Mac to produce Windows malware.
This is not necessarily true. Different AV clients have different detection rates and varying levels of efficacy in detecting different malware types. Diversity in both OS and AV software within a network promotes security.
I doubt any Windows user is that blunt.
Last edited:
First, that's a proof of concept, not something an average user would encounter in the wild. Second, that implies intent to create malware, which isn't what I'm referring to. As I said, a Mac user who isn't operating with malicious intent cannot create a file such as a document, spreadsheet, etc. that contains Windows malware. You can't open Word or Pages or Excel or Numbers or any other normal app on a Mac, create a file that you want to share with a Windows user, and have that file contain Windows malware. I'm not talking about a hacker or malware developer who is intentionally trying to infect other systems and I'm not talking about creating code or any software designed to infect.
Again, nothing exists in the wild that does this. I'm talking real life, not theoretical.
Can you name one example of any Windows malware that is detected by a Mac AV that isn't detected by a Windows AV?
Obviously, malware has to be involved. This is possible if malware exists on the Mac that serves that intended function.
Not true, analogous examples do exist in the wild. For example, any cross platform malware, such as those based on Java, that can send and recieve payloads to any OS. A specific example is the koobface variant referred to as boonana.
Are some AV solutions with higher detection rates available for Mac?
Yes.
If a Windows user is using an AV solution with lower detection rates than a Mac AV solution with greater efficacy, is it possible that the AV on the Mac will detect the threat while the AV on the Windows PC won't detect the threat?
Yes.
http://www.av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf
Attachments
Last edited:
Name any Mac OS X malware that exists in the wild that infects documents, spreadsheets, etc. created on a Mac with Windows malware. It doesn't exist. Plus, as you know, all Mac OS X malware that exists in the wild can be avoided by the user employing safe computing practices.
As I said:
I still haven't seen one example of Windows malware that was detected by Mac AV that wasn't detected by Windows AV.