mac av

i don't own a mac but a friend of mine just got one, apple told him he didn't need an av, I think yea of course, any thoughts here...

 

This is a subject I run hot and cold on, and I have a pair of Mac mini's so I'm speaking as a user.

There are a couple of factors arguing against the "need". Intrinsically, the OS is implemented with a decent level of security from the start. Second, the majority of application that users will install have been downloaded from the app store which is a centralized and curated source.

That said, typical users are generally their own worst enemy with regards to security since they're somewhat naive regarding the seedier elements frequenting the web and society in general. They are more likely to fall victim to the types of scenarios exemplified by the MacDefender and related incidents in which the user actively participates in the installation of the malware. This is a scenario in which the intrinsic design of the OS and availability of curated content really doesn't help.

Finally, there's the question of whether the users ISP offers free AV coverage for Mac's (for example, Comcast offers Norton free to Comcast subscribers - PS - just looked and noticed that the version of Norton provided by Comcast does not support Lion), so it's not always cash out the door.

For a somewhat typical user with access to a free solution, I see little downside and would generally recommend it. If there's no free option, I'd dig deeper with respect to how savvy that user is and their usage style.

My issue with those who are strident opponents to an AV on a Mac is that with their experience, background, and technical savvy, they're probably right - they don't need an AV, but that doesn't necessarily speak to the majority of Mac users out there.

 

Mac and Comcast user here and the version of Norton offered by Comcast works just fine on Lion.

 

I'll confirm that is the feedback from some users, but "not supported" is the official stance. I haven't looked into all of the implications of this, but for a casual user, I generally don't recommend going the unsupported route.

My own recommendation, if on Lion, is to use a version that is verified to work on and is supported on Lion

 

Sophos - free
Lion is ok

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

 

thanks to all for your suggestions,

 

If the MAC is used to purchase online + banking I would indeed install an antivirus solution. Better safe than sorry. I have used Eset and Kaspersky both good paid solutions, the latter buggy.

 

I have been pwnd once for sure and the second time I feel it was about a 80% I was. I wiped and used a previous clone. The first time Intego caught an Unix Arc Bomb Trojan that was relentless on trying to downloading a second payload, even after a reboot. Every 5 minutes it would try to download a different numbered file each time but my Intego VirusBarrier X5 at the time was warning me. I tried to clean/repair it, but it did not work. Again, wipe and reimaged. If I did not have Intego's VirusBarrier I would almost guarantee I would of just gone on while it had full control without a clue.

Second time downloaded a security podcast through iTunes from a white/gray hat pentester/hacker and the computer was slow and just acted weird. I had and increase in temp and the drive was working away like it was doing something it shouldn't. This includes from what I could tell more network bandwidth by use of router light more active then normal. Wipe and reimage and back to the normal working computer with less network bandwidth use.

It is 2012 nd all it will take is a Safari/Firefox vulnerability and an i-frame redirect and it will be millions of Mac taken over with almost no one ever having a chance because the nieve Mac genius at the Mac store says Macs never get attacked. I myself ding around on some seedy hacker sites so I run both Intego and Sophos. They run well together. All you need to do is consider each program safe to each others do not scan files and it has worked out great.

Yes, Macs need AV with real-time scanning. Not just on-demand like ClamXav or all the AV sold in the App Store that DOES NOT hook the Kernel.

.

 

I wrote a research paper on this about a year ago...

...the sad reality is, if you do some digging, you'll find the inconvenient truth that Macs not only ship with more vulnerabilities than Windows, but OS X also doesn't even come close to the level of security (both in functionality and in exploit mitigation mechanisms) that Windows offers.

So with the truth in mind, I don't see how Mac users can use their OS as a justification for not needing an antivirus software. I am not trying to start an argument here, as the argument tends to lead into opinion when in reality I am speaking on the facts, not opinion. Macintosh OS X is not a quick fix diet pill for internet security. No OS is or ever will be. It is essentially the same argument as those who claim they are safe because they don't use X browser over Y browser.

EDIT: ESET was one of most respectable companies to design a security suite recently for Mac. It has an elaborate user education functionality to it, that which their Windows versions do not have. I wonder why...probably because they realize that the # 1 threat to Mac users is the falsified sense of security through obscurity.

 

While you were right one year ago. OS Lion is now just a tad more secure the Windows 7. I heard that corporate pentesters could hack Leopard and Snow Leopard with ease, but Lion was kicking their but. It seems David Rice did some good over at Apple. Java and Flash open the door to every platform.
.

 

I would be very interested in seeing some links to corroborate and further elaborate on that. No offense to you, but I highly doubt Lion will maintain being "a tad more secure than Windows 7," especially if the primary improvements are based on code security (which they likely are).

When I gave Windows 7 (or Vista) the good remarks, it was based on the big picture, and the fact that Windows 7 Starter gives you more application control (through parental controls/app restriction) than Mac does. With Windows Professional, you have access to Group Policy Editor, and Software Restriction Policies (let alone AppLocker).

With the "one size fits all" mentality Apple has, I severely doubt they will ever implement something that complex, customizable, and robust into their operating system. Even if their code right now is a tad bit more secure (which still I highly doubt; ever heard of Microsoft EMET?), they don't have the powerful tools that Windows has, such as the ability to turn your system into a default-deny, locked down machine with just a few clicks.

EDIT: I just did some research, and the two most impressive improvements are application sandboxing (which is essentially the same as protected process levels with User Account Control) and full Address Space Layout Randomization which I believe is a bit more secure than what Windows 7 incorporates currently. You are correct in these aspects, but unfortunately, code mitigation is only one part of security, and Windows still does a heck of a lot more overall than Mac does. And, of course with Windows, there are a lot more security features built in that can almost eliminate the need for antivirus in the first place (though people don't use them correctly or often at all).

But hey, I'm open minded. Let me say this my friend, thanks to you, you've opened my mind. I just started taking Mac OS X seriously tonight. I never thought the day would come. I may actually considering buying one in the future...maybe. (Of course, Apple will still have to follow my Norton Rule which states that you must maintain excellence for half as many years as you've sucked before I'd consider buying.)

 

I heard this from either Carlos Perez, Lead Vulnerability Researcher at Tenable Network Security on Tenable's Podcast or Pauldotcom dot com's Podcast, or on Securabit Podcast from the researchers from GFI or Viper that are on that Podcast. I could not find were they said it about 3-4 months ago.

http://blog.tenablesecurity.com/podcast/

http://www.securabit.com/





Let's hope with Jobs passing, David Rice has more control over security issues at Apple. I think Jobs let him do only so much.


http://www.linkedin.com/pub/david-rice/0/686/7b3

http://www.tuaw.com/2011/01/23/david-rice-heading-to-apple-as-global-security-lead/

http://www.geekonomicsbook.com/biography.aspx




.

 

Thanks for the information.

Reading my previous response it sounded a bit argumentative and I just wanted to state that that is not my intent...I am definitely for Mac finally becoming more robust and secure.