
WaterFlex

macrumors newbie
Original poster
Mar 24, 2011
24
0
Any suggestions?
I would like to use Antivirus on my MBP. Which software do you use?
 
Nov 28, 2010
22,670
31
located
Currently there are zero viruses affecting Mac OS X in public circulation, but there are other kinds of malware existing, that can infect your Mac.
But as long as you don't install software from unknown and untrusted sources, you are safe, as malware needs administrative permissions to run successfully, which means, you need to install the malware yourself, it can't install itself (one of the reasons, why a Mac OS X virus hasn't appeared yet).
To learn more about malware in Mac OS X and what steps can be taken to protect yourself, read the following F.A.Q.:
Mac Virus/Malware Info by GGJstudios
The above F.A.Q. includes the following topics:
  • Malware terminology - What is the difference between viruses, worms, and Trojans?
  • Antivirus apps
  • What security steps should I take?
  • What about sending files to Windows users?
  • Why am I being redirected to other sites?
  • Recent threats in the news

Why should Apple do something like that, advertise one AV app, while most of them are just ***** and monger fear?
 

robgendreau

macrumors 68040
Jul 13, 2008
3,465
329
The Flashback situation did alert us, however, to the fact that you could have unwanted infection based upon a visit to a particular website without other user interaction (although to do real damage you would have to be tricked into using your password). Apple fixed it, rather belatedly depending on your point of view. So you could rely on Apple....
 

Bear

macrumors G3
Jul 23, 2002
8,088
5
Sol III - Terra
Besides the fact that it's not really needed, if Apple recommended an antivirus program and that program caused system issues, Apple now bears some responsibility for those issues.

And since some of the so-called antivirus programs for Macs are known to cause issues, it would just be a lose-lose situation if Apple made any recommendation.
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
Sophos or ClamXav hands down. Those saying you don't need protection because Macs don't get virii... sounds like the straight community saying they didn't need protection during the 80's AIDS epidemic. Nothing is malware proof. Nothing.
 

BoxerBoy

macrumors regular
Feb 22, 2011
100
5
England
I use Intego, a Mac only security programme.

Does it do any good? I don't really know.

Does it do any harm or bother me? Nope, I don't even know it's running.
 
Nov 28, 2010
22,670
31
located
Sophos or ClamXav hands down. Those saying you don't need protection because Macs don't get virii... sounds like the straight community saying they didn't need protection during the 80's AIDS epidemic. Nothing is malware proof. Nothing.

Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here, here and here.
Maybe have a look at ClamXav instead, if you really need protection.

And how can something like an AV application protect you, that does not exist and doesn't know to look for, even with all the heuristic magic it will be impossible to detect a Mac OS X virus, since it has nothing to base its magic on?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Disable Java in your browser. (For Safari users, uncheck "Enable Java" in Safari > Preferences > Security.) This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Change your DNS servers to OpenDNS servers by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have access to install anything on your Mac.

  7. Don't open files that you receive from unknown or untrusted sources.

  8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

  9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.
 

dacoolest

macrumors regular
Nov 11, 2011
184
0
Wasn't the recently appeared flashback malware capable of getting into macs without the aid of the user?
 
Nov 28, 2010
22,670
31
located
Wasn't the recently appeared flashback malware capable of getting into macs without the aid of the user?

It downloaded itself, but the user had to enter the password to actually allow the application to install or execute the installer.

Flashback.I
Infection

Only after downloading the payload does Flashback.I proceed with infecting the machine. To do so, the malware prompts for the administrator password, as in the following screenshot:
[Screenshot: Flashback.I administrator password prompt]


The icon indicated by the red box in the screenshot is the PNG content returned by the remote host. This is dropped to the location '/tmp/.i.png' on the system. Since this image is controlled by the remote host, it can be changed any time the author deems necessary.

Flashback.K
Installation

There are two files that are dropped and executed on the system when users visited a malicious webpage.

The first file is an updater component. It is dropped in the users home folder. It may have the default filename ".jupdate" or a filename supplied by the malicious webpage. The filename will always start with a ".".

A launch point is then created for the updater component in the ~/Library/LaunchAgents folder. It may have the default filename "com.java.update.plist" or a filename supplied by the malicious webpage.

On the first execution, this component reports to the following:

http://[...]31.31.79.87/[...]/stat_svc/
On the second execution and onwards, it connects to a hard-coded list of addresses to download its update.

The second file is the downloader component just like the previous variants. It is dropped and executed in the /tmp folder. It may have the default filename "Update" or a filename supplied by the malicious webpage.

The malware then reports to the following location whether it successfully exploited the system or not:

http://[...]31.31.79.87/[...]/stat_j/%result%
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Wasn't the recently appeared flashback malware capable of getting into macs without the aid of the user?
The only two ways the Flashback could infect is through Java vulnerabilities, which are nullified by disabling Java in your browser, as has been recommended for at least 18 months, or by entering your admin password when asked, which has never been recommended for unknown software.
 

Martyimac

macrumors 68020
Aug 19, 2009
2,444
1,678
S. AZ.
Being invested in both the PC world and the Mac world, I both agree and disagree with the above posters. While there are no known viruses in the wild, as pointed out, there are things that can affect/infect your mac. This is an interesting article published today, http://www.macworld.com/article/1166393/lessons_for_it_apple_in_flashback_brouhaha.html .

I think it would be wise for Mac users to start paying attention to all the threats out there and preparing for them now. Intego might be one company worth looking into since they seemed to be ahead of everyone else when it came to the Flashback attack.

Turning off Java is not something I want to do nor do I wish to turn it off and then turn it on when I need it only to turn it back off. The average user doesn't want to do that either. A good user experience is critical to the success of any OS, why place obstacles in the users path? Get some protection that works and move forward.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Get some protection that works and move forward.
As has been proven many times, antivirus apps are not completely effective in detecting and protecting against malware. The danger in your recommendation is the tendency that many will have to adopt a false sense of security, just because they have an antivirus app installed. As an example, when MacDefender first appeared on the scene, no antivirus app, including Intego's, identified it as malware, while those practicing the safe computing tips listed below were completely protected.

The computing world is constantly changing, so what is true today may not be true tomorrow. So far, however, every Mac OS X malware released in the wild since Mac OS X was released over 10 years ago can be completely nullified by practicing those safe computing tips. Granted, enabling and disabling Java in your browser may be inconvenient for some, but many never need to enable it. It's up to you whether the minor inconvenience is worth keeping your Mac malware-free. An antivirus app certainly can't ensure complete protection.
 

BoxerBoy

macrumors regular
Feb 22, 2011
100
5
England
Anti virus apps may not be perfect, but Intego identified the Flashback Trojan way back in September and users like me have been protected from this nasty ever since. Why would one not want that security?

I note in their security blog, they are advising that Apple's removal tool only removes the most common variants of Flashback, leaving Macs exposed to the considerable remainder.

A free 30 day Intego trial is probably the best way to ensure your Mac is clean.

I note this current update from the Intego site.

"Yet another malware has been found to exploit the CVE-2012-0507 Java vulnerability with a drive by download. SabPab is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs. This malware installs in the user’s /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user’s /Library/Preferences folder (the com.apple.PubSabAgent.pfile):"
 
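The Flashback.K description quoted earlier in the thread and the SabPab quote above both describe persistence through a launch agent in the user's LaunchAgents folder that starts a hidden or oddly placed executable. The following is an added example, not code from any poster or vendor, that audits a LaunchAgents directory for that pattern; the function names, the three heuristics and the sample job files are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

def launch_target(plist_path):
    """Return the executable a launchd job starts, or None if the plist is unusable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
        args = job.get("ProgramArguments") or []
        return job.get("Program") or (args[0] if args else None)
    except Exception:
        return None

def suspicious_reasons(target):
    """Heuristics drawn from the behaviour quoted in the thread (not signatures)."""
    reasons = []
    if Path(target).name.startswith("."):
        reasons.append("hidden executable")             # e.g. ~/.jupdate
    if target.startswith(("/tmp/", "/private/tmp/")):
        reasons.append("runs from /tmp")
    if "/Library/Preferences/" in target:
        reasons.append("code in a Preferences folder")  # SabPab-style placement
    return reasons

def audit(agents_dir):
    """List (plist name, target, reasons) for every flagged job in agents_dir."""
    findings = []
    for plist in sorted(Path(agents_dir).glob("*.plist")):
        target = launch_target(plist)
        reasons = suspicious_reasons(target) if isinstance(target, str) else []
        if reasons:
            findings.append((plist.name, target, reasons))
    return findings

# Constructed sample jobs; real use: audit(Path.home() / "Library/LaunchAgents")
SAMPLE = {
    "com.example.helper.plist": "/Applications/Example.app/Contents/MacOS/helper",
    "com.java.update.plist": "/Users/test/.jupdate",
    "constructed.sabpab-like.plist": "/Users/test/Library/Preferences/com.apple.PubSabAgent.pfile",
}

def run_on_sample():
    with tempfile.TemporaryDirectory() as d:
        for name, target in SAMPLE.items():
            with open(Path(d) / name, "wb") as fh:
                plistlib.dump({"Label": name[:-6], "ProgramArguments": [target]}, fh)
        return audit(d)

if __name__ == "__main__":
    print(run_on_sample())
```

A flagged entry is a prompt to inspect the job and its target, not proof of infection; legitimate software occasionally uses unusual paths.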

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Anti virus apps may not be perfect, but Intego identified the Flashback Trojan way back in September and users like me have been protected from this nasty ever since. Why would one not want that security.

While Intego may have been ahead of some other AV companies on this one, others have been ahead of Intego in other cases. No AV company is the best all the time. ClamXav is free and does a very respectable job, if you insist on running antivirus.
I note in their security blog, they are advising that Apple's removal tool only removes the most common variants of Flashback, leaving Macs exposed to the considerable remainder.
And yet the safe computing practices described below will protect against all variants of Flashback, as well as any other malware that's ever been found in the wild for Mac OS X.
 

roadbloc

macrumors G3
Aug 24, 2009
8,784
215
UK
It amuses me that everyone is quick to point out that there are still no known viruses for OS X in large, bold, noticeable letters, but digress to say that there is malware and an increasing amount of it.

The fact that OS X doesn't have any true viruses is meaningless. Windows has had very few true viruses since the release of Vista. Malware is becoming an increasing problem for OS X, whether it's a virus or not. I think the flashback trojan has clearly shown that Apple has been rather lax at its security efforts, and now it is time to step up or become like Windows did during the 9x/ME/XP era.

OP: You probably don't need an antivirus. Apple will hopefully keep the inbuilt security tight from now on. And to be fair, these trojans are few and far between at the moment.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
The fact that OS X doesn't have any true viruses is meaningless.
It's not meaningless at all. All Mac OS X malware in the wild can be prevented by practicing safe computing, as described earlier in this thread. No antivirus apps are necessary to defend against current Mac OS X malware. If a true virus were released in the wild, that situation would change, as viruses can infect and spread regardless of any action on the part of the user. To successfully defend against a virus, antivirus software is required. Fortunately, we're not there yet.
 

Feed Me

macrumors 6502a
Jan 7, 2012
831
6
Location Location
It amuses me that everyone is quick to point out that there are still no known viruses for OS X in large, bold, noticeable letters, but digress to say that there is malware and an increasing amount of it.

simsaladimbamba and GGJstudios can't help that all their posts are copy pasted from the textbook of discussion destruction.
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here, here and here.
Maybe have a look at ClamXav instead, if you really need protection.

And how can something like an AV application protect you, that does not exist and doesn't know to look for, even with all the heuristic magic it will be impossible to detect a Mac OS X virus, since it has nothing to base its magic on?

You do realize Sophos is one of the most respected and largest Mac enterprise AV solutions? Providing me 3 links of issues that can be patched doesn't mean it should be avoided.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
simsaladimbamba and GGJstudios can't help that all their posts are copy pasted from the textbook of discussion destruction.
There's only so many ways you can answer the same question. If you want different responses, ask different questions.
You do realize Sophos is one of the most respected and largest Mac enterprise AV solutions?
Most respected by whom? Certainly not by everyone.
Providing me 3 links of issues that can be patched doesn't mean it should be avoided.
You apparently didn't read and comprehend the links. Sophos introduces a vulnerability that isn't present with other antivirus apps, such as ClamXav. You can't "patch" the fact that Sophos runs with root privileges, something that could be exploited by malware. That vulnerability, however significant, is not introduced by apps like ClamXav.
 

itickings

macrumors 6502a
Apr 14, 2007
947
185
Most respected by whom? Certainly not by everyone.

To be fair, there are not all that many "Mac enterprise AV solutions". Being "one of the most respected and largest" ones probably won't require many supporters at all.
 