Say some words like "Hocus Pocus" or "Alakazam" to your Mac, it will work just as well.
Sophos or ClamXav hands down. Those saying you don't need protection because Macs don't get virii... sounds like the straight community saying they didn't need protection during the 80's AIDS epidemic. Nothing is malware proof. Nothing.
Wasn't the recently appeared Flashback malware capable of getting into Macs without the aid of the user?
Infection
Only after downloading the payload does Flashback.I proceed with infecting the machine. To do so, the malware prompts for the administrator password, as in the following screenshot:
The icon indicated by the red box in the screenshot is the PNG content returned by the remote host. This is dropped to the location '/tmp/.i.png' on the system. Since this image is controlled by the remote host, it can be changed any time the author deems necessary.
Installation
There are two files that are dropped and executed on the system when users visit a malicious webpage.
The first file is an updater component. It is dropped in the user's home folder. It may have the default filename ".jupdate" or a filename supplied by the malicious webpage. The filename will always start with a ".".
A launch point is then created for the updater component in the ~/Library/LaunchAgents folder. It may have the default filename "com.java.update.plist" or a filename supplied by the malicious webpage.
On the first execution, this component reports to the following:
http://[...]31.31.79.87/[...]/stat_svc/
On the second execution and onwards, it connects to a hard-coded list of addresses to download its update.
The second file is the downloader component just like the previous variants. It is dropped and executed in the /tmp folder. It may have the default filename "Update" or a filename supplied by the malicious webpage.
The malware then reports to the following location whether it successfully exploited the system or not:
http://[...]31.31.79.87/[...]/stat_j/%result%
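Added example, not part of the thread or of the write-up quoted above: a check built on that installation description. Because both the updater and its launch point can carry names supplied by the malicious page, it flags any agent in ~/Library/LaunchAgents that starts a dot-file sitting directly in the home folder, which goes beyond the two default names. The `com.example.*` agents, `.syncd` and the sample home folder are constructed for illustration.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Default names quoted in the post. Either can be replaced by a name the
# malicious page supplies, so they only label a finding, they do not drive it.
DEFAULT_UPDATER = ".jupdate"
DEFAULT_PLIST = "com.java.update.plist"


def launch_target(plist_path):
    """Return the executable a LaunchAgent plist starts, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    target = job.get("Program") or (args[0] if isinstance(args, list) and args else None)
    return Path(target) if isinstance(target, str) else None


def scan_home(home):
    """Flag agents in ~/Library/LaunchAgents that start a dot-file sitting in ~."""
    home = Path(home)
    findings = []
    for plist_path in sorted((home / "Library" / "LaunchAgents").glob("*.plist")):
        target = launch_target(plist_path)
        if target is None or target.parent != home or not target.name.startswith("."):
            continue
        default = DEFAULT_UPDATER == target.name or DEFAULT_PLIST == plist_path.name
        findings.append((plist_path.name, target.name, "default name" if default else "renamed"))
    return findings


def build_sample_home(root):
    """Constructed sample data: one benign agent and two matching the description."""
    home = Path(root)
    agents = home / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    samples = {
        "com.example.helper.plist": "/Applications/Example.app/Contents/MacOS/helper",
        DEFAULT_PLIST: str(home / DEFAULT_UPDATER),
        "com.example.sync.plist": str(home / ".syncd"),
    }
    for name, program in samples.items():
        with open(agents / name, "wb") as fh:
            plistlib.dump({"Label": name[:-6], "ProgramArguments": [program], "RunAtLoad": True}, fh)
    return home
```

A hit is a lead to inspect, not a verdict: the check only says that a launch agent starts a hidden file from the home folder.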
"Wasn't the recently appeared Flashback malware capable of getting into Macs without the aid of the user?"
The only two ways the Flashback could infect is through Java vulnerabilities, which are nullified by disabling Java in your browser, as has been recommended for at least 18 months, or by entering your admin password when asked, which has never been recommended for unknown software.
"Get some protection that works and move forward."
As has been proven many times, antivirus apps are not completely effective in detecting and protecting against malware. The danger in your recommendation is the tendency that many will have to adopt a false sense of security, just because they have an antivirus app installed. As an example, when MacDefender first appeared on the scene, no antivirus app, including Intego's, identified it as malware, while those practicing the safe computing tips listed below were completely protected.
Anti virus apps may not be perfect, but Intego identified the Flashback Trojan way back in September and users like me have been protected from this nasty ever since. Why would one not want that security?
"I note in their security blog, they are advising that Apple's removal tool only removes the most common variants of Flashback, leaving Macs exposed to the considerable remainder."
And yet the safe computing practices described below will protect against all variants of Flashback, as well as any other malware that's ever been found in the wild for Mac OS X.
"The fact that OS X doesn't have any true viruses is meaningless."
It's not meaningless at all. All Mac OS X malware in the wild can be prevented by practicing safe computing, as described earlier in this thread. No antivirus apps are necessary to defend against current Mac OS X malware. If a true virus were released in the wild, that situation would change, as viruses can infect and spread regardless of any action on the part of the user. To successfully defend against a virus, antivirus software is required. Fortunately, we're not there yet.
It amuses me that everyone is quick to point out that there are still no known viruses for OS X in large, bold, noticeable letters, but digress to say that there is malware and an increasing amount of it.
Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here, here and here.
Maybe have a look at ClamXav instead, if you really need protection.
And how can something like an AV application protect you, that does not exist and doesn't know to look for, even with all the heuristic magic it will be impossible to detect a Mac OS X virus, since it has nothing to base its magic on?
"simsaladimbamba and GGJstudios can't help that all their posts are copy pasted from the textbook of discussion destruction."
There's only so many ways you can answer the same question. If you want different responses, ask different questions.
"You do realize Sophos is one of the most respected and largest Mac enterprise AV solution?"
Most respected by whom? Certainly not by everyone.
"Providing me 3 links of issues that can be patched doesn't mean it should be avoided."
You apparently didn't read and comprehend the links. Sophos introduces a vulnerability that isn't present with other antivirus apps, such as ClamXav. You can't "patch" the fact that Sophos runs with root privileges, something that could be exploited by malware. That vulnerability, however significant, is not introduced by apps like ClamXav.