[NPMUG] virus protection???
Charles Firth
charles at firthconsulting.com
Thu Apr 30 20:44:10 MDT 2009
I get this question a lot. So let me respond to the group as a whole.
First, I answer the personal question: I don't run any AV software on
my Mac. And I feel safe. My safety is thanks to both my knowledge of
Macintosh security and computers in general. My AV is Education.
(I should trademark that phrase!)
If your education is lacking, you may want to consider other AV
solutions. (Lacking computer knowledge is not a sign of being "stupid"
or an insult - we all have areas of expertise. I'm clueless about
cars, and can't even change a tire)
Note that although my education on Windows is just as high, I still
require AV software on all my Windows machines.
Let me explain:
1) First, and most critically - OSX does not have any viruses out for
it (currently). It does, however, have some nasty trojans. These
trojans will occasionally be reported in the news as "Mac virus
found!" Or "new OSX virus shows Macs are vulnerable". But they are not
viruses.
a) A virus will spread on its own - you as the user don't have to
"do" anything to get infected. Just having the machine turned on and
connected to a network is enough. Viruses are like swine flu - if
you're part of the social world, you can be at risk without kissing
anyone.
b) Trojans are named after the Greek horse - they're full of bad
stuff, but you have to actively let them in. On computers, Trojans
pretend to be something desirable - pictures of a celeb naked, a new
funny video, a required Quicktime codec, a useful new utility, a
video game, etc. But in reality, the software is full of evil.
2) Because Macs are vulnerable to trojans (after all, the Mac has to
trust you, and if you open the door, the door is open) you can become
compromised - not with a virus, but other malware (DNS hijacking,
rootkits, etc.)
Basically, if something asks you for your password, you're potentially
giving it complete and total control over your machine. Only type in
the password if you're sure it's software you trust. Being in the
industry I'm in, and since I'm active on the front lines daily, I have
a very high education level and ability to distinguish between "clean"
software and trojans. I'm not perfect, but I'm just paranoid enough.
3) AV software is not without its flaws - it sucks up RAM, CPU speed,
and can cause legitimate software to not function. No AV software is
perfect. You'll get false-positives, annoying scans slowing the
machine, etc. Naturally some are better than others, but in my case
the risk of infection for me (less than 0.1%) is not enough to justify
the loss of performance. For a teenager who insists on using Limewire
and pirating software the risk of a trojan is much higher - 8-12%.
High enough that AV software is probably a good idea.
(For the record, pirated music and movies are safer than pirated
software, since a media file asking for your password is suspicious
while an installer asking for your password is normal)
4) On Windows, thanks to the large number of "real" viruses out there
(and browser drive-bys, hijacks, buffer underruns, SQL injection
attacks, etc) it doesn't matter how good you are at spotting Trojans -
your risk factor is still way too high (40-45% on my highly
subjective "my opinion" scale) - the FBI claims the average time from
a Windows PC connecting to the Internet to first intrusion attempt to
be 7 seconds.
5) Can Macs get a virus? Yes. No OS is "immune". But OSX has been
around for 10 years and there have been no serious viruses out there.
We've found vulnerabilities - weaknesses or security holes that could
be used by a virus to spread - but they have (so far) all been closed
pretty quickly by Apple (or the third-party responsible, or by the
open-source crowd that built so much of the code under the hood in
OSX). And these security holes have not been "gaping" but pretty
challenging to exploit. (And most required a local account be
accessible by the hacker first)
6) Will my opinion change? Yes. I'm constantly watching the security
sites and news - and the time may come when I decide to change my
stance and install AV on my Macs. But right now my potential risk is
low enough I'd prefer it to the annoyances and costs of AV. I'm more
likely to get hit by a car while crossing the street, another risk I
take on a daily basis.
7) "Good Neighbor Policy" - Something a lot of Mac people forget is
the fact they share files with Windows folk. Although Word macro
viruses and other "content file" viruses are dying out, they are still
around. Just because your Mac is immune to Windows viruses doesn't
mean you can't be a carrier. So if you do a lot of file sharing with
Windows users, and the files you share aren't "made by me on my Mac"
then you could be distributing viruses to your Windows friends. For
example: Someone sends you an infected Word document, which works fine
for you on your Mac, so you forward it on to other people. I'm well
aware of what few files I forward, and have never inadvertently sent
someone an infected file. But the possibility is there. I've
encountered Windows-virus infected files on Macs at client sites, so I
know it happens.
8) Since there are no viruses for Macs, OSX AV is securing you from
the few trojans out there, and mostly just scanning for Windows
viruses you may be a carrier for. You're spending money and resources
to keep your neighbor's garden clean of pests.
Recommendations.
*These are my personal opinions, I am not reimbursed or paid by any of
these companies*
If you must have AV on your Mac, what do I recommend?
1) Sophos (no surprise to anyone who knows me) - by far the best
choice in OSX AV. But it costs money, and they don't sell single
copies - no retail box, no home user option, no single license. Sophos
is business/education only. (5 licenses is the smallest they'll go).
But they are the best I've ever seen for both OSX and Windows.
2) ClamAVX - Free. (hooray open source!) Not the most friendly, and
you'll probably want to just have it around to run periodic manual
scans. But a nice tool if you're worried.
3) Sorry - at this time I have no other recommendations. I do however
have two anti-recommendations:
a) If you're thinking about Symantec Anti-Virus for Mac, just hit
your Mac with a sledgehammer until it's dust. It's kinder to the poor
machine.
b) If you're thinking about McAfee, just use the money to buy
yourself a book on computer security. It's more effective.
On Apr 30, 2009, at 9:12 PM, harmonyroute at mac.com wrote:
> I received this question from a fellow trolley museum volunteer
> regarding his trepidation about switching and not feeling protected
> from viruses.
>
> I would appreciate insightful responses that I can use to soothe him.
>
> Thanks in advance,
> CuZinBruce
>
>
>
> Bruce -
>
> I need some advice. As you know, I am in the process of getting up
> to speed on my Mac Book Pro. Maybe I am too much an old PC fan, but
> I feel naked on the Internet without some form of virus, etc.
> protection. I know that Macs are supposed to be immune to such
> problems, but my reading of recent issues of PC magazines suggests
> that may not be entirely true.
>
> Do you run any such protection on your Macs and, if so, what product
> do you use?
> _______________________________________________
> NPMUG mailing list
> NPMUG at davesevick.com
> http://davesevick.com/mailman/listinfo/npmug