Apple Says Macs Are Safe, No Antivirus Needed

lobridge writes "Over the last two days multiple news feeds (and Slashdot) have been reporting that Apple has been quietly recommending antivirus software for their machines. It appears now that Apple has deleted an entry on their forums that suggested this and are saying that Mac computers are 'safe out of the box.'"

Wrong, and bad summary, as usual

[daveschroeder]

First, that article had been there for quite some time [macnn.com] (but was just updated in the last week of November, when the IT press noticed it), and was just a generic recommendation for antivirus software on Mac OS X, and pointed at some third parties who provide such software. Second, the representative did NOT say "No Antivirus Needed"; on the contrary, the representative said antivirus software offers additional protection.

Antivirus software has always been recommended in our environment on all systems, including Mac OS X. But the very real fact is that -- for whatever reasons, many of which can be argued to no end -- Macs have far less problems with malware and serious security vulnerabilities that have a real impact on users.

As Macs are increasingly used in mixed environments, antivirus software is always prudent, as Mac antivirus software also recognizes and captures Windows viruses in addition to Mac, stopping inadvertent spread. For example, Symantec's full array of virus definitions for Windows and Mac OS are included in the definitions on both platforms.

Malware exists for Mac OS X (and Mac OS before), and always has in various forms. Nearly all of them -- even the recent highly publicized cases -- are trojans requiring deliberate user interaction, and have no mechanism for mass-propagation. The proliferation of hardware- and software-based firewalls and other changes have helped the situation on all platforms.

Porn video codec trojans requiring user interaction -- even as their prevalence increases as Mac marketshare grows -- do not rise to the level of vulnerabilities potentially allowing remote administrative control of all versions of Windows without any user interaction or knowledge, nor the massive worms of old costing untold manhours and untold billions in recovery and lost productivity.

Macs have very real security problems, and Macs have malware specifically targeted at the platform. But for a variety of reasons, Mac OS X is, in a very real sense, a more secure computing platform with respect to malware. This does not mean there are not legitimate concerns and gripes, does not mean Apple has made some poor decisions with respect to security, and does not excuse gloating fanboys.

But frankly, Mac users always should have been running some kind of antivirus software, even if only to prevent unknowing propagation of Windows malware, and institutions such as ours have recommended this as policy for years. But since Apple updated a knowledgebase article, and since the trend has been to give an inordinate level of coverage to any Mac security issue, however minor, I'm sure this will continue to be melodramatically blown out of proportion.

Macs have far less problems with "malware" and related issues than Windows. Not all of this is only due to marketshare. Some is due to changing strategies of malware writers, new attacks on browsers and other cross-platform applications, increased attention to network security, better user education, and number of other factors. But even as Mac marketshare grows and the platform is increasingly targeted, there still have not been any high-impact massive issues with malware and/or severe security vulnerabilities as there have been on Windows.

Apple has come a long way on security response from its attitudes even a couple of years ago, and still has a long way to go. But if a benign recommendation for AV software get blown up into a huge issue with media extrapolating that this must mean Apple is under heavy attack, and indeed, Apple may even be aware of an impending flood of malware, I'm not surprised Apple responded by simply pulling the article altogether. The perception in the marketplace is that Macs have a lot less problems with malware. That's completely accurate. Why would Apple want that correct perception tarnished by a bunch of sensationalism?

Bullshit

[TheLostSamurai]

If you're on the internet, you're vulnerable. Period.

Overhyped

[xav_jones]

The whole story about Apple encouraging anti-virus software was severely over-hyped anyway. There are malicious bits out there that will damage your system if you do something stupid, like install a Trojan or run an untrusted Office macro. OS X is still quite secure out-of-the-box and *this* is where it is most different to Microsoft's offerings.

Are there any Mac Viruses?

[LWATCDR]

I mean is there? Anti-virus programs work by looking for specific code. If that code doesn't exists yet what does it look for? Windows viruses?

PR move

[UnknowingFool]

I guess this is knee-jerk reaction to bad PR. Really, the way most viruses work today, Windows machines are the most susceptible. OS X (and other BSD based OS) and Linux are based on different design principles and mostly immune to viruses. Trojans are probably more likely for these systems. I think having a virus check now and then is beneficial in removing those Windows viruses that manage to get onto a Mac so they don't become repositories.

Sure has been a lot of Apple bashing on the net

[NinthAgendaDotCom]

Lately I've seen a few of these posts on various sites. I think it's the case of Apple being big enough and successful enough over the past few years that they fall into the same category as Google, Microsoft, etc.: no longer a cute underdog, no longer immune from attacks. There's always been some anti-Apple sentiment ("one button mouse!" etc.), but lately it seems more pointed and directed, more tactical.

Re:Safe... until

[Anonymous Coward]

Whoa...hold on there,son. The fact that they publish security updates proves them wrong.

Maybe there aren't many (or any) viruses, worms and whatnot targeting the platform today, but they will come, and when they arrive, it will be a good idea to have some protection installed beforehand. A relative few will still get infected before the AV industry can react, but the rest will be safe as soon as a definition update appears that detects the threat.

Re:Don't need security updates either?

[pauljlucas]

Maybe there aren't many (or any) viruses, worms and whatnot targeting the platform today, but they will come, and when they arrive, it will be a good idea to have some protection installed beforehand.

I've never understood the reason for anti-virus software in general. If there's an exploit, then just fix the security hole. Apple does this with their security updates.

That said, I understand the reason for anti-virus software on Windows: Microsoft can't or won't fix the security holes. (They tried with Vista and UAC, but that's a mess.)

Re:Are there any Mac Viruses?

[LWATCDR]

Wow that is well into the tinfoil hat area. What viruses are their for OS/X? What current exploits are out for it.
I really don't buy into there are but they are secret.

Re:Safe... until

[LordKronos]

Yeah, but I think paying for antivirus software (and the likely yearly subscriptions) when there isn't even evidence of any viruses actually existing seems to me to be like paying for car insurance before you've bought a car or got your license. Should we also be vaccinating our bodies against theoretical illnesses that haven't even been discovered yet?

Re:Are there any Mac Viruses?

[Anonymous Coward]

Of course there are. Apple however does a pretty good job of stopping any disclosure. If their "ignore the man behind the curtain" attitude extends to virii, there won't be any to check against.

What? That makes no sense. It's not as if Apple can put a stop to a virus written by and released by someone else just by wishing it so.

"And we have seen and do testify that the Father sent the Son to be the Savior of the World" 1 John 4:14

Oh right. You're not used to dealing with sense.

Re:Safe... until

[JustinOpinion]

something that Apple politically couldn't say: Mac antivirus software primarily protects against Windows viruses

Considering that Apple runs ads that directly state that "PCs" get viruses whereas "Macs" do not, I don't see why they would mind saying roughly the same thing in a tech note.* Seems to me that they have already taken a pretty visible stance on that political issue.

That having been said, I suspect you are right: once this whole issue blew up, it was safer to completely distance themselves from the original tech note, rather than try and explain why they had originally issued it.

[*] Conceivably the tech note was written by some lower-level employee who didn't want to say something controversial. So instead he/she left it vague and just suggested that "antivirus is a good idea" and so on.

Re:They are still recommending antivirus!

[gEvil (beta)]

By the way, isn't it ironic that Apple is still offering ClamXav for download on their own website?

Look! They're also promoting software piracy!!! [apple.com]

In case you don't get it, providing links for software some people may find useful is not the same thing as endorsing it.

Re:Safe... until

[revscat]

Maybe there aren't many (or any) viruses, worms and whatnot targeting the platform today, but they will come, and when they arrive, it will be a good idea to have some protection installed beforehand.

People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."

Ok, well, after hearing this for almost a decade I'm kinda starting to get skeptical.

Re:hexually transmitted

[erroneus]

So it is unlikely that people with things to say have no desire to be complete and accurate in their thoughts, ideas and expressions? It only takes one quick generalization before people start blasting you with "that's not true because it's not true for me."

While there may be some moments when it is possible to be both brief, accurate and complete, I would suggest that those moments are the exception and not the rule. Just as with your short conclusion, it is completely presumptive and incorrect. I would be neither on Apple's payroll nor in a basement if I were to have responded in similar fashion. Your mind has been dulled by 30 minute episodes and 10 minute commercial breaks.

Re:Are there any Mac Viruses?

[revscat]

The page you linked to shows malware, not viruses. No system is immune to malware. And as far as viruses are concerned, there has never an OS X virus. Ever.

And the market share thing has been debunked time and time again. You think that if virus writers could capture 100% of 8% of the market that they wouldn't have done so sometime in the past 8 years?

Re:Safe... until

[dhavleak]

People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."

Actually, people have been saying "One day, OS-X will have enough users that malware authors will target it the way they target Windows". That hasn't happened yet, but OS-X marketshare is trending upwards, so it might still happen.

Also, please note the omission of "You'll see" and other such things. I don't want OS-X users to get viruses just so that my point gets proven. I do agree that in all likelihood if you run OS-X without an AV you'll be ok. That still doesn't negate the point -- OS-X does not have any inherent security advantage over Windows, and Apple's smug attitude towards security will bite them in the butt if their marketshare increases.

Re:Safe... until

[Anonymous Coward]

Yeah right. That's why Mac OS X got hacked while Vista and Linux were immune.

Make all the excuses you want. Mac OS isn't invincible. It's not even secure.

Re:Wrong, and bad summary, as usual

[brkello]

If you really think Linux and Macs are safe because they are "designed from the ground up for multi-user networked security", then you don't know what you are talking about. It may be more secure than other OS's...but if you are connected to a network, you are not safe. Mac zealots need to stop thinking and telling other people they are immune because they use this OS. It is ridiculous and will only make it that much harder to get "clueless" Mac users to properly use their computer.

And it isn't that people can't be bothered to run Macs or Linux. The majority of the software out there still is written for Windows. I find it amusing that the first thing most Mac users do is set up there box to dual boot Windows or set up some Windows VM. If you really want to talk about security, sit down at the grown up table and realize that there are a heck of a lot of people who use Windows. That all systems that are connected to a network are vulnerable. And that you shouldn't put down someone for their choice of OS. Each OS is a tool that can be used effectively for different purposes. It is good to have choice and if we want to secure things, then yes, it sure is helpful to have Mac users running AV and not clicking on every shady link that comes their way.

Everyone needs anti-virus software these days!

[unix_geek_512]

C'mon apple, get real!

Everyone needs anti-virus software these days!

Apple, Linux, *BSD and Unix included.

I don't care what apple or anyone else says, you need all the protection you can get.

I have been using anti-virus software on *nix systems for years and will continue to do so.

Semper Fi!

Re:Are there any Mac Viruses?

[Graff]

What viruses are their for OS/X? What current exploits are out for it.

There are no viruses in the wild for Mac OS X, a few people made some proof of concept viruses but they had crazy requirements and potential vulnerabilities were patched quickly. There are some user interaction based exploits but again they are pretty hard to pull off and most of them have been patched.

No sane person is saying that Mac OS X is immune to potential viruses and exploits but overall the security model of the OS is pretty solid. Yes Mac OS X is a smaller target than Windows but it's still a big enough target that if it was easy to exploit then people would already be doing it. Eventually I'm sure there will be some serious malware out for Mac OS X but right now it's a waste to run antivirus software because there is NOTHING out there that Mac OS X needs to be protected from.

Right now antivirus software for the Mac is simply a waste of money and computer cycles. Again, that may change some day but until then don't bother with antivirus for the Mac.

Re:Safe... until

[Nebu]

People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."

Ok, well, after hearing this for almost a decade I'm kinda starting to get skeptical.

I don't know about the people you've been hearing it from, but I am fairly confident that when/if OS X has a majority market share as a consumer OS, it will have viruses and other forms of malware. From a utilitarian point of view, if you're trying to create a botnet, it makes most sense to have your botnet target the most prevalent platform run by home users on the internet. In particular, you don't want to target the most prevalent platform run by system administrators, because they probably know how to take care of their machines.

If the OS allows users to write to the harddisk, and to communicate over the internet, (and I can't imagine a useful consumer desktop OS that wouldn't allow these) then it contains everything necessary for malware to exist on that platform. If the OS allows user-written files to be executable (a very important feature if you want users to have hobbyist programmers on your platform), then the platform contains everything necessary for viruses to exist.

Re:Safe... until

[Anonymous Coward]

Puh lease. For years there were far more Apache installations and they didn't get ass-raped the way IIS did/does.

It has nothing to do with installation base and far more to do with idiot coding practices.

Re:Safe... until

[DesertBlade]

Technically that is not a crash of the system. While all the system resources are in use, you can kill Firefox and the system will return to normal. I have also seen poor javascript bring system to crawls, but the system stayed up. Virus software probably would not catch a scenario like this.

Re:Safe... until

[Anonymous Coward]

Nope, you're just a shill.

http://www.itworld.com/mac-hacked-first-in-contest-080327 [itworld.com]

Re:Safe... until

[Piranhaa]

That's one way of looking at it. Another way is hearing news that the East is infected with a certain illness that can't 'currently' affect Westerners. However, like with any viruses, they mutate constantly and can eventually cross over. So, in that sense, it can make sense to protect yourself with a vaccine.

But, being properly aware is still much much better than what virus scanners can provide. Hell sometimes virus scanners cause more harm than good. System slow downs and wrongly detecting files as viruses when in fact they aren't are among reasons (just look what happened with AVG recently). I still don't run virus scanners on MY XP (Bootcamp) install, nor my main OSX install. I run an OpenBSD firewall, and am 'smart' when on the net. I, personally, don't ever really plan on running a virus scanner. If I'm opening a suspicious file, I'll simply create a snapshot of a Windows install, open the file and see if it does any damage. If I see ANY suspicious activity, I could simply revert to an old snapshot... Obviously this isn't (currently) a viable option for the general public, but I don't see it being too far off as pretty well all new computers come with Intel or AMD visualization technologies to allow speedy virtual machines.

Re:Safe... until

[atraintocry]

Like lack of ActiveX.

Re:Safe... until

[nine-times]

A) The idea that Windows only gets compromised because of its large market share isn't firmly founded. Even if you think it's true, it's far from being widely accepted.

B) Even if OSX becomes just as frequently compromised as Windows, it still doesn't make sense to buy an Antivirus program now. Most AV packages rely on databases of known-viruses, and aren't very effective against new/unknown viruses. Therefore, even if you have AV software for your Mac, they won't detect any threats until after they're known. Therefore, it doesn't make sense to bother to install anything until after there are known threats for OSX, and there aren't any yet.

So mostly, installing AV software on OSX will just use up resources and *maybe* help to protect Windows machines you're trading files with.

Also, I don't know about you, but I evaluate AV software before I buy it for what's most efficient and effective at the time when I buy it. Until there are real threats against OSX, there's no way to measure how effective it is at protecting you from those threats, so there's nothing to recommend one package over another except for what uses the least resources. And do you know what uses the least resources? Having no AV software installed.

Re:Safe... until

[Macthorpe]

Yeah, it's not like Apache installations are mostly maintained by experienced sysadmins whereas Windows computers are maintained by every idiot and his grandma.

Wow, it really is hard not to be sarcastic about this stuff.

Re:Everyone needs anti-virus software these days!

[Paradigm_Complex]

Would you mind sharing what software you use? All of the antivirus software I'm aware of for Linux or *BSD is designed to look for Windows viruses/malware. Good for cleaning up my neighbor's computer from a live USB but not so useful for protecting any of my *nix boxen.

Re:Safe... until

[cslax]

Is it possible for a Mac user to troll a post about macs? I used a Mac to post my previous comment and my comment now.

I could have posted an eloquent, well thought out response, but instead decided that posting that would better serve my purpose.

To add to the discussion at hand, at Apple stores, I have witnessed many people asking the "genius bar" people about AV protection for their Mac's, only to be told, "Apple computers do not get viruses, but you should protect your fellow Windows computers, by buying this AV software!" These people then dump extra money to buy antivirus, in order to make sure they are not carriers, which is what the comment in TFA seemed to suggest.

Re:Safe... until

[Seraph321]

30 million is a lot, to be sure, but I wonder if malware authors look at them the same way. For one thing, I believe desktops must be much more desirable for spambots than laptops because they are left on more often. This is especially true for desktops in small businesses. I would guess that the vast majority of those 30 million macs are laptops.

Re:Safe... until

[stewbacca]

You're not redirecting us to the story about the hacked Mac where the guy built some code on his website and pointed the Mac to the malicious code HE BUILT WEEKS BEFORE THE CONTEST are you? Oh wait. Right, you are. And the OTHER guy's the shill?

Re:PR move

[UnknowingFool]

Please, this is myth that has been busted. Viruses self replicate and infect Windows systems because they can. In Unix and Linux systems, applications have to be explicitly run. And even then, applications only have permissions to run in certain ways and affect certain files. They cannot affect system files unless given permissions. In that way Trojans are more likely to be successful.

Re:Safe... until

[geminidomino]

Which would suggest that it wasn't particularly a problem until they discovered they could soak people for more money with it.

Before RLS medication was invented, I had a surefire way of dealing with restless legs.

I went for a walk.

Re:Safe... until

[jbezorg]

I wonder if the first OSX virus will be called "hubris". Has a nice ring to it. osx.hubris.v

Malware On Mac OS X - Viruses, Trojans, and Worms
http://www.macforensicslab.com/Malware_on_Mac_OS_X.pdf [macforensicslab.com]

A white paper on the history and future of malware and how it can affect the Apple Mac OS X platform.

This document discusses the technologies used in malware. These include viruses, Trojans and worms. The specific intention is to bring forth detailed discussion on how this affects the Apple Mac OS X platform. The document outlines a potential framework for a Mac OS X malware suite. The document closes with recommendations on what Apple Inc, and users of Mac OS X can do to defend against such technology.

This paper was created to outline the results of research performed by the MacForensicsLab.com research and development team. These results are presented to the public in order to raise awareness of the situation and to prompt the relevant responsible parties to address the issues outlined within.

The MacForensicsLab.com staff and SubRosaSoft.com Inc consider it important to bring such discussions out into the public and welcomes all opportunities to discuss the paper on info@subrosasoft.com.

Re:Safe... until

[spiffyman]

I actually contracted nVIR on a Centris 610 once, well over a decade ago. I also wanted to point out that the fact that nVIR was viable against System 4.1 machines should have been a big freaking sign that something was amiss when it was cited as an example of the Mac's vulnerability. If the virus is contemporaneous with System 4.1, it's over 20 years old.

nVIR is in the wild like smallpox is in the wild.

People need to understand that no one in the know is saying that OS X is vulnerability-free or that it will stay virus-free. But every time that's brought up we're practically told to start handcoding fixes for non-existent threats. It's absurd.

What about tricking users?

[JSBiff]

It may or may not be true that the various network daemons installed on most Mac OS X installs are 'secure' (I'll go with the premise for the time, but, really, who knows what currently undiscovered vulnerabilities therein lie? Yes, that applies for the same daemons installed on any Unix), but really, what protects Macs from the same kind of user 'tricking' that are commonly used against windows users.

Things like:

* A website of, err, questionable repute, which tells you that you need to download and run an installer for a new 'video player' to see videos on the website, but which is really the installer for a rootkit or botnet zombie.

* An email claiming to have an attachment or a link to a file which purports to be some business related file, or a video or photo the receiver might find funny, or a holiday greeting card, etc, but is really the installer for a rootkit or botnet zombie.

Don't say that Mac users are just too smart to fall for that kind of thing - I'm sure some of them are, but I'm equally sure some of them aren't.

I think the main thing which protects Mac and Linux users from such things is mainly that, right now, the installed base for both O/Ses is just too small for anyone to care about attacking. But, the Mac community is rather larger, and growing somewhat quickly, so they could be soon a large enough user base to be 'worth' trying to exploit.

Re:Safe... until

[p0tat03]

The point I think he's trying to make is that, as of yet anyhow, OS X viruses and malware have to be explicitly let in through the front door via user stupidity (or just plain ignorance/don't know better). On the other hand, MS's track record has shown numerous ways for software to sneak onto your machine without user intervention whatsoever.

I personally think that OSX's sudo password prompt needs to be beefed up to show exactly what the app is attempting to access. If I'm installing some app that wants to add a file to /usr/bin, sure. If it wants to REMOVE a file I'd be a lot of more suspicious. As of right now both cases will simply show a nondescript "enter admin password" prompt, which is insufficient.

Macs DO have viruses!

[Tokerat]

Well, they did [about.com] under the old cooperative multitasking "old world" Macintosh System Software.

I'm suprised that no one mentioned that we Mac users had a virus known as Oompa-Loompa [about.com] starting on Valentine's Day, 2006.

I found this stuff on About.com! C'mon, people! Firefox even has a Google Quicksearch built right in! Ctrl-L "google mac viruses" enter. No mouse even required.

Re:Safe... until

[ch1lly]

..and playing games. Oh, wait.

Re:Safe... until

[Risen888]

It's also what most viruses run on. You're making a trade-off there, even if you're not aware of it.

Re:Safe... until

[lgw]

You're a botnet owner. You hijack a web site and add a flash trojan to the banner add. Flash exploits exist for most OSs, but you only get 1 payload - you can affect just 1 kernel. Which payload do you choose? As long as one kernel has more that 50% market share, no one will ever attack anything else.

My 64-bit Windows home OS has never been (successfully) attacked, for the same reason a Mac will never be (successfully) attacked any time soon: the only payload is the 32-bit NT root kit. Don't kid yourself that it's somehow "impossible" to attack OSX and gain root from a user-mode process - that's been demonstrated repeatedly in competitions and the like. It's just not a threat in the wild, because viruses (etc) are a *business* now, and so are engineered to maximize returns.

Re:Safe... until

[pseudonomous]

Yeah, on a mac the viruses just WORK, you don't have to worry about finding drivers or system crashes to prevent viruses from running optimally, and they offer easy drag and drop installations, right?

Re:Safe... until

[wild_quinine]

In regards to spreading Windows viruses yeah I feel bad for Windows users but I won't spend my own money and processor cycles on worrying about their systems. If they want to protect their systems then they should take steps to protect themselves. They could also dump Windows and get an operating system that isn't so ridden with viruses and malware. That's their own choice and problem, not mine.

To paraphrase: I'm one of those lucky people who's immune to AIDS. I just fuck anything. I mean, sure, I can carry AIDS, and I can pass it on. But since I can't get it, it's no problem of mine. The responsibility for that lies completely on the other side of the fence. Hey, but I've run out of posting time - another orgy to attend.

Re:PR move

[shutdown -p now]

In Unix and Linux systems, applications have to be explicitly run. And even then, applications only have permissions to run in certain ways and affect certain files. They cannot affect system files unless given permissions.

Guess what, everything you said equally applies to XP if running under normal user, and Vista out of the box.

Re:Safe... until

[mdwh2]

In which case, you are then vulnerable to viruses (along with all the other faults that Mac users claim Windows has).

I don't understand this argument - saying Windows is crap, but then saying Macs can avoid the failings of OS X by running Windows.

Comment removed

[account_deleted]

Comment removed based on user account deletion