Virus Scan Question...

Discussion in 'Community Discussion' started by 18percentgray, Aug 26, 2011.

  1. 18percentgray macrumors newbie

    Joined:
    Aug 25, 2011
    #1
    Does a virus scanner do anything to your files when it's scanning them?

    Does it leave a footprint? :confused:
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    No, it just reads them to see if there's any virus footprints

    With that said, there are no viruses in the wild for OSX. I would say that running a scanner and/or installing antivirus is not needed for OSX.
     
  3. 18percentgray thread starter macrumors newbie

    Joined:
    Aug 25, 2011
  4. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #4
    Usually not, unless they've got something to hide... :p

    Depending on the scanner and settings, files containing (potential) malware might get moved, deleted or even modified/repaired.
     
  5. 18percentgray thread starter macrumors newbie

    Joined:
    Aug 25, 2011
  6. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #6
    Just to correct you on this. The term "viruses" here is being used to describe malware. In that sense then yes OSX has viruses.

    Examples of OSX "Viruses" are things like MacDefender. OSX has had multiple Trojans. That being said it is really not needed. Big time considering unless you are a major company there is no need since most Email providers out there scan and kill any viruses emailed..
     
  7. 18percentgray thread starter macrumors newbie

    Joined:
    Aug 25, 2011
  8. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #8
    if you want to get a virus scanner for a mac I would say go get one of the good free ones like avg. Hell Avg is what I use 7 year old XP desktop because I sure as hell am not going to pay for av software on a computer I use maybe once a month and generally for very limited thing.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    No, virus scanners don't modify files or leave footprints, unless they detect malware. However, you don't need any antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:
    If you insist on running antivirus anyway, ClamXav is a good choice, since it doesn't run with elevated privileges and isn't as much of a resource hog as other alternatives.
     
  10. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
    #10
    Let's me stress this again, there's no need for a virus scanner on Mac OS X.
     
  11. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #11
    Sure there is. You wouldn't want to pass on malware to others for example. Not everything is about your computer ;)
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Read the "What about sending files to Windows users?" section in the link I posted.
     
  13. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #13
    Although I love potent analogies, I'm a bit skeptical that I should cough on anyone i like, as often as I like, as long as I encourage other people to take flu shots... ;)

    As I see it, passing malware to a client would be very bad, regardless of whether or not they're running antivirus of their own. If they do, and they see that I send them malware, then it's bad. If they don't, and they get infected by something I sent, then it's bad as well.
     
  14. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    The only way you can send malware to a Windows PC is if you first receive it from another Windows PC. If you're routinely accepting files from random Windows users without knowing if they run AV, then you're passing those files to other Windows users without knowing if they have AV, you're engaging in high-risk activities in the first place. If you're creating files on your Mac and sending them to Windows users, there is zero chance of sending them infected files.

    I simply don't accept files from people I don't know, and every Windows user I accept files from is running AV, as they should. Therefore, running AV on my Mac is completely pointless.
     
  15. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #15
    ...because we all know that you can't get files containing malware for Windows from someone running Mac OS X. Or Linux. Or other safe systems. Right?

    Right!
     
  16. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    You can't create a file on Mac OS X or Linux that will infect a Windows computer. For a file to be infected with Windows malware, it must first come from a Windows computer, no matter how many times it's passed around. Again, if you aren't indiscriminately accepting files from untrusted sources and passing them along, there is nothing to worry about. If you're downloading pirated apps or accepting email attachments from just anyone, you shouldn't be passing such files to others in the first place.
     
  17. itickings macrumors 6502a

    itickings

    Joined:
    Apr 14, 2007
    #17
    While I do admire your dedication, I'm not sure a crusade against all forms of virus scanning on Mac OS X is the worthiest of causes...

    A file capable of carrying malware is capable of that regardless of the sender's system. Tracing the lineage of a file capable of carrying malware through multiple senders, identifying the last Windows system it visited and being confident that the system in question was running functional antivirus software and that it was recently enough so that newer definitions won't make a difference is … difficult. You may be a master of that art, but I'm not. From what I've seen, few people are.

    People make mistakes, systems fail, IT departments screw up… Only a few levels of supposedly trustworthy parties are required before it isn't feasible to be in complete control anymore. Where is the harm in scanning a file before passing it along?

    My example about passing files to a client isn't about pirating stuff or forwarding random junk from strangers, but rather relaying requested or expected files from known sources. In your world that means that I can have complete faith in the files since the people involved are supposed to have antivirus installed, but real life is unfortunately more complex than that. All in all, scanning files capable of carrying malware before sending them to a client is less of a nuisance than what getting caught sending unscanned malware to the client would be.

    No, antivirus isn't required on Mac OS X from a practical point of view (or even recommended), at least not at this point, but it can still be useful and fulfill a need.
     
  18. (marc) macrumors 6502a

    (marc)

    Joined:
    Sep 15, 2010
    Location:
    the woods
    #18
    Of course you can. That's how the jailbreaks via Safari work.
     
  19. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #19
    Name one example where a file created on a Mac has ever infected a Windows system with malware.
     
  20. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #20
    No AV software has 100% detection rates so Windows users running AV still have the potential to get infected and pass infected files to Macs. These files will not infect Macs if the files don't contain a payload for Mac but Mac users can still inadvertently pass the files to Windows users. The files are more likely to be detected on a network using multiple OS platforms that are running AV software from various vendors given that different AV software have varying efficacy in detecting any given malware threat.

    Also, cross platform malware downloaders, often based on Java, could sit on a Mac undetected waiting until the malware developer releases a payload for Mac to be able to cause infection. An example of a scenario similar to this occurring in the wild is the koobface variant, called boonana, that had a Mac payload.

    This is not true. As a proof of concept, download Metasploit and use it to compile malware for other OSs from within OS X.

    It is possible to create malware for any OS that will spread malware to other platforms as well.

    How do you know those using Metasploit to create Windows malware in the wild aren't doing so on OS X and testing the malware via virtual machines for stability reasons?

    Using an alternative OS and testing exploits via virtual machines is a common practice with penetration testers and malware developers.
     
  21. GGJstudios, Aug 28, 2011
    Last edited: Aug 28, 2011

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #21
    I didn't say anything about creating software. I said you can't create a file (document, spreadsheet, PowerPoint, picture, movie, etc.) on a Mac that can infect a Windows computer. A Mac user, in the normal course of doing business without malicious intent, cannot create a file that can infect a Windows computer.

    If a Windows user is running a decent antivirus app that's up to date, there is no Windows malware that you could detect with a Mac AV app that wouldn't also be detected with the Windows AV app. If someone wants to run AV on a Mac, that's their choice, but my point is that you do a Windows user a better service if you make sure they run their own AV, since there are many more sources of malware than simply accepting files from a Mac.

    I'm not against someone running 3rd party antivirus on a Mac, if they choose to. I oppose the idea of depending on it as the only or primary line of defense. I also oppose the idea of Windows users depending on Mac users' AV as their only or primary line of defense.
     
  22. munkery, Aug 28, 2011
    Last edited: Aug 28, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #22
    This is not true. As a proof of concept, download Metasploit and use it to create a file in OS X that can infect a Windows computer.

    Mac malware could contain code that functions in the same way as Metasploit to create or modify existing files on a Mac to produce Windows malware.

    This is not necessarily true. Different AV clients have different detection rates and varying levels of efficacy in detecting different malware types. Diversity in both OS and AV software within a network promotes security.

    I doubt any Windows user is that blunt.
     
  23. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #23
    First, that's a proof of concept, not something an average user would encounter in the wild. Second, that implies intent to create malware, which isn't what I'm referring to. As I said, a Mac user who isn't operating with malicious intent cannot create a file such as a document, spreadsheet, etc. that contains Windows malware. You can't open Word or Pages or Excel or Numbers or any other normal app on a Mac, create a file that you want to share with a Windows user, and have that file contain Windows malware. I'm not talking about a hacker or malware developer who is intentionally trying to infect other systems and I'm not talking about creating code or any software designed to infect.
    Again, nothing exists in the wild that does this. I'm talking real life, not theoretical.
    Can you name one example of any Windows malware that is detected by a Mac AV that isn't detected by a Windows AV?
     
  24. munkery, Aug 28, 2011
    Last edited: Aug 28, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #24
    Obviously, malware has to be involved. This is possible if malware exists on the Mac that serves that intended function.

    Not true, analogous examples do exist in the wild. For example, any cross platform malware, such as those based on Java, that can send and recieve payloads to any OS. A specific example is the koobface variant referred to as boonana.

    Are some AV solutions with higher detection rates available for Mac?

    Yes.

    If a Windows user is using an AV solution with lower detection rates than a Mac AV solution with greater efficacy, is it possible that the AV on the Mac will detect the threat while the AV on the Windows PC won't detect the threat?

    Yes.

    http://www.av-comparatives.org/images/stories/test/ondret/avc_retro_may2011.pdf
     

    Attached Files:

  25. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #25
    Name any Mac OS X malware that exists in the wild that infects documents, spreadsheets, etc. created on a Mac with Windows malware. It doesn't exist. Plus, as you know, all Mac OS X malware that exists in the wild can be avoided by the user employing safe computing practices.
    As I said:
    I still haven't seen one example of Windows malware that was detected by Mac AV that wasn't detected by Windows AV.
     

Share This Page