Let's put it this way: when you say "Macs just work," then list your maintenance routine, one becomes a little skeptical.
That is the no-problem-guarantee, over-zealous, extra-cautious routine.
Also, spyware/adware of various kinds is so common and its use so widespread, that I simply don't believe that none has been written for Macs. I think it's entirely possible you have some on your machine and are oblivious. I imagine they made this program for a reason.
They have Mac virus programs, too. But since OSX there hasn't been a single virus that has been found in the wild, and the anti-viral packages are more dangerous than caution and back-ups.
With dubious reports of a nascent malware menace threatening Mac OS X's current status as (for all intents and purposes) a virus-free platform, many readers have inquired about the need for installation Mac OS X anti-virus software.
Ask McAfee or Symantec and you'll be met with an implore that users purchase, install and regularly use their Mac OS X virus scanning software. With scare tactic statistics like "a 228 percent increase in malware attacks over the past three years" -- even though no single piece of Mac OS X malware has yet managed to successfully cause significant system damage or reliably spread -- it's easy to see why some users are taking the bait.
However, what the virus software companies aren't telling users in their barrage of press releases and dire statements to publications that dutifully pass claims of a rising threat onto readers as fact is that, to date, more problems have been caused by anti-virus software on Mac OS X systems than actual vulnerabilities thwarted. While this circumstance doesn't negate the potential utility of having anti-virus software installed, and won't let the cautious rest easier should the currently mythical Mac OS X attack horde materialize, it should give pause to users who feel coerced into purchasing anti-virus software.
First, let's look at some of the problems that have been caused, on a widespread basis, by Symantec's Norton AntiVirus:
Ironically, a "highly critical" flaw was found in Norton AntiVirus. The vulnerability was as follows: During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP. Symantec posted an antivirus based protection signature to LiveUpdate on December 20, 2005, providing a heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability. The company also recommended that users 'Scan Compressed Files' to 'Off' in the Norton Auto-Protect pane of System Preferences to mitigate this vulnerability.
Version 9.0 of Norton Antivirus spawned a file appropriately named "spacesuckingfile.xxxxxx" after it completed a virus scan. This was a temporary file that Norton AntiVirus created when scanning archives on your computer to help determine the amount of free space available on the disk before it begins unstuffing and scanning archives. The file contains no actual data and may be deleted. Normally, Norton AntiVirus deletes this file when scanning the archives is complete, though it may not be deleted automatically. Version 9.0.1 of Norton AntiVirus resolved this issue.
The AutoProtect component of Norton AntiVirus produced an issue with apparent corruption of Mac OS X temp files that could result in spiking processor usage and complete system unresponsiveness.
Sophos Anti-Virus is another popular tool that has succumbed to its own flaws in an attempt to "protect" users against a malware threat.
A previous version of Sophos' AntiVirus software generated false positives for the "OSX/Inqtana.B worm", invoking users to delete critical application and system files and causing serious issues. Inqtana.B was a variant of OSX/Inqtana.A -- a Java based proof of concept bluetooth worm that affects older versions of Mac OS X 10.4.x (Tiger). The vulnerability did not affect Mac OS X 10.4.5 or Mac OS X 10.4.6, and had not been found in the wild. Despite that, Sophos' software was identifying "infected" files -- sometimes numbering in the thousands -- on Mac OS X 10.4.5 systems.
Sophos quickly resolved the issue, but results of the false positives were, in some cases, disastrous. Users who thought their systems were infected deleted dozens (in some cases hundreds) of critical files rendering some applications useless and eliminating important data.
Virex from McAfee (the company that released the aforementioned warning that Mac malware threats were up more than 200 percent in the past year) was a component of the .Mac subscribers package up until mid-2005, when Apple decided to pull the offering due to a number of issues documented here on MacFixIt, including slow overall system performance, constant fan activity, degraded performance in some applications and more. We also posted instructions for removing Virex from a Mac OS X system.
Intego's VirusBarrier X, which was the first anti-virus package to become a Universal binary and has been among the least problematic of commercial offerings, has also exhibited various issues through its lifetime.
In 2003, Virus Barrier X caused an issue where the system became totally unresponsive and refuses to start up properly from that moment forth.
Intego's later fixed the issue a March 2003 virus definition release.
Another minor issue was caused by VirusBarrier in late 2005, where hard drive space was rapidly decimated by the creation of several thousand tiny (4 KB) files spawned by VirusBarrier.
Fortunately, your best bet for Mac OS X virus protection at this point is completely free. ClamXav is a free graphical interface (GUI) for the open-source ClamAV virus checker. The ClamAV scanning routine is also built into some Mac OS X utilities like Tiger Cache Cleaner.
Even this tool, however, has been known to cause some issues -- particularly when installing software. In one case, application of the Adobe Illustrator CS2 12.0.1 updater was prevented by ClamXav's scanning operation.
The bottom line is that Mac OS X virus software has, collectively, precipitated more security flaws, slow-downs, accidental file deletions and overall system issues than perhaps any other grouping of software.
It's also important to remember that just because you have an AntiVirus software package installed and regularly scanning your hard drive does not -- by any means -- ensure you will not contract a Mac OS X virus should one materialize. Virus scanning software works by checking files on your hard drive against a pre-defined set of file types that could potentially be malware. Should the dreaded effective Mac OS X virus surface, current AntiVirus software will be rendered impotent against its spread until virus definitions are updated to account for the new type.
Some virus scanning software packages use routines to check for "suspicious" actions that could indicate the presence of malware, but the chances of such a routine actually stopping a cleverly crafted piece of malware are slim -- especially since there has yet to be a compelling piece of malware for Mac OS X to compare against.
In fact, the single best reason for installing anti-virus software on your Mac OS X system remains one of a good samaritan nature -- prevention of passing malware along to users of Windows systems.
For some practical tips on reducing the threat of contracting malware on your Mac, see our tutorial "10 simple steps for securing your Mac".
Note that a virus is not the same thing as adware/spyware. Two very diferent animals.
I accept that a Mac virus is a rare beast.
It's the spyware stuff I'm not so sure about.
Understood. I have heard nothing about Mac spyware...neither that they are a threat, a concern, nor had I ever heard of an app that dealt with them. That's how low on the radar it is.
Hmm, tempting to get Firewire hard drives. I think I'll hold off until i see for myself whether or not "Macs just work."
I wouldn't get just a FireWire drive. It's never fun to try to use a drive to move big data and find out a computer doesn't have a certain connector. I have Macs and PCs, old and new, and so what works for me is both USB and FireWire connectors so that a drive is useful to any of my computers.
There is FireWire 400 and FireWire 800. Some say external SATA ports/cards will start to give FireWire 800 serious competition at the high end. Apple dropped the FireWire 800 port from the 15" MacBook Pro, but kept it on the new 17" MBP, which confused everybody. All Macs have FireWire 400 and USB 2.0 ports.
I wouldn't get just a FireWire drive. It's never fun to try to use a drive to move data and find out you have mismatched connectors. I have Macs and PCs, old and new, and the best drive to get should have USB and FireWire connectors so that any drive can access the data.
There is FireWire 400 and FireWire 800. Some say external SATA ports/cards will start to give FireWire 800 serious competition at the high end. Apple dropped the FireWire 800 port from the 15" MacBook Pro, but kept it on the new 17" MBP, which confused everybody. All Macs have FireWire 400 and USB 2.0 ports.
Thanks. I note that the test David posted was between FW 400 and USB 2.
My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW!
Thanks. I note that the test David posted was between FW 400 and USB 2.
My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW!
If you decide you need it, you can always just buy new cases and move the drives. Easy peasy, and cheaper, too.
My reinstall is going well. XP is up and running via Parallels. I just found out that my internet connection is live. :uhoh I went back to OSX and turned off the airport for now, that solved that problem.
Do I want Automatic Updates On?
I guess I need to download some virus software now. :cry
I am in the process of installing Firefox, Ad Aware SE personal and AVG free. The windows firewall is on and I am also accessing the internet via my airport which should have a firewall too. So am I safe enough? I am not checking email or surfing (outside of updates).
My first Mac is a Macbook. Or it will be, when I finally get it!
Hope you're maxing out the RAM (with cheaper non-Apple sticks). A friend bought a MacBook for non-demanding uses (Word, e-mail, web) and I took a look at its virtual memory usage and at the out-of-the-box 512MB RAM it hit virtual memory much more than I expected. If I were running Photoshop on one I would definitely go to 2GB as soon as possible and plug in a Photoshop scratch drive into the FireWire port.
I am in the process of installing Firefox, Ad Aware SE personal and AVG free. The windows firewall is on and I am also accessing the internet via my airport which should have a firewall too. So am I safe enough? I am not checking email or surfing (outside of updates).
If you're not surfing for pr0n or warez or c1a1!5 you'll be more than fine.
Y'all don't want to hear me, you just want to dance.
If you're not surfing for pr0n or warez or c1a1!5 you'll be more than fine.
only for V$AGRuH
No I will only go to known sites that I need updates for that I cannot access on the mac side. I will leave the internet connection on, just because it is a pain to turn on and off.
The only Windows update that came up was a publish update, I did not do it, since I am not using publisher.
I've never used either of these companies' products, though...
Thanks, The top one looks good, the price is right, but it is out of stock and unknown. I will keep searching. I am not in a big rush, but it would be nice to have a spare drive.
The biggest difference by far is that the Mac makes good use of its security infrastructure and Windows does not.
Notice that Mac malware was common prior to OSX. It disappeared. Why? It's not because the Mac lost marketshare; it's been growing ever since the release of OSX. The issue is that OS9, like Windows, provided no protection against the modification of system files. As such anything that managed to run at all could change the system to its heart's content. And people wrote software that did exactly that.
Windows, despite moving to a platform with inherent security in NT, 2K, and later XP, has continued to run most user accounts with full system privileges -- thus rendering the security infrastructure completely worthless.
It is possible to secure NT, 2K, and XP. In fact, I wrote a software package that did just that for NT3.5. The problem is that if you do this a remarkable amount of software will fail, having been written assuming full system privileges. This includes children's software -- which, to me, is total insanity. Microsoft's problem is that if they chose to turn on security they'd break a lot of software and they were having a hard enough problem getting people off of the unstable Win9x codebase. So they opted for loose security and we've all been paying the price for it.
The good news for Windows folk is that Vista will (supposedly) move to a security architecture very similar to OSX. In so doing we should see malware issues largely evaporate. It couldn't happen soon enough for me.
It will always be possible to write that malware because there are always bugs in operating system software. But with a locked-down system it becomes orders of magnitude more difficult. And that is why there are no known spyware applications on OSX, Linux, or FreeBSD yet Windows is completely infested.
By the way, it is possible to substantially improve OSX security with two simple changes. First, create an administrator account separate from the normal user logins. Second, disable administrator privileges for all other accounts. This makes a big difference because /Applications is otherwise writeable by user accounts, and that allows malware to modify applications therein. From that point it's a fairly short step to infecting the rest of the system.
The annoyance in doing this is that you will no longer be able to simply drop new applications into /Applications; you'll have to switch to the administrator account to do it. Apple was smart enough, at least, to have all system administration tasks authenticate if necessary ... so administration can still be done by random accounts, you just have to supply the administrator account and password.
Thanks, The top one looks good, the price is right, but it is out of stock and unknown. I will keep searching. I am not in a big rush, but it would be nice to have a spare drive.
See the follow-up msg posted a couple below that one... Firewire/USB2 combo coming later this month, but it's $99(!) for the enclosure. I'm sure other manufacturer's will follow soon enough.
ATA/IDE/PATA are pretty much all the same thing by different names. You just need the 2.5" size.
Thanks. I note that the test David posted was between FW 400 and USB 2.
My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW!
One advantage of FW external drives, is that you can boot from them if you have a duplicate copy of your system drive in OS X on the external drive, as with Super Duper for a B/U.
You cannot boot from a USB 2.0 drive on a MAC. You can just store data on a USB 2.0 drive.
See the follow-up msg posted a couple below that one... Firewire/USB2 combo coming later this month, but it's $99(!) for the enclosure. I'm sure other manufacturer's will follow soon enough.
ATA/IDE/PATA are pretty much all the same thing by different names. You just need the 2.5" size.
I guess there might be some pages with java or javascript code on them that "do evil," but I've not seen any like that.
Ah, frack. IE And Firefox Sport New Zero-day Flaw. It's more a phishing/data-harvesting type thing, but it's reportedly cross-platform and cross-browser.
Hope you're maxing out the RAM (with cheaper non-Apple sticks). A friend bought a MacBook for non-demanding uses (Word, e-mail, web) and I took a look at its virtual memory usage and at the out-of-the-box 512MB RAM it hit virtual memory much more than I expected. If I were running Photoshop on one I would definitely go to 2GB as soon as possible and plug in a Photoshop scratch drive into the FireWire port.
Thanks. I have 2GB ready to install. I don't know what you mean wrt the PS scratch disk, I'll root around. Thanks for the tips!
By the way, it is possible to substantially improve OSX security with two simple changes. First, create an administrator account separate from the normal user logins. Second, disable administrator privileges for all other accounts. This makes a big difference because /Applications is otherwise writeable by user accounts, and that allows malware to modify applications therein. From that point it's a fairly short step to infecting the rest of the system.
The annoyance in doing this is that you will no longer be able to simply drop new applications into /Applications; you'll have to switch to the administrator account to do it. Apple was smart enough, at least, to have all system administration tasks authenticate if necessary ... so administration can still be done by random accounts, you just have to supply the administrator account and password.
What a great post! I'll see if I can figure out how to do that.
I ran XP today and it wanted to install 44 updates, does that seem normal for a new install? Most were MS security updates. I guess it would be good to run all of them at once?
I ran XP today and it wanted to install 44 updates, does that seem normal for a new install? Most were MS security updates. I guess it would be good to run all of them at once?
Yes, as of last week an XPSP2 install required 44 updates.
Comments
Hmm, tempting to get Firewire hard drives. I think I'll hold off until i see for myself whether or not "Macs just work."
First test: do "Macs just deliver?" I'm getting impatient!
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
That is the no-problem-guarantee, over-zealous, extra-cautious routine.
They have Mac virus programs, too. But since OSX there hasn't been a single virus that has been found in the wild, and the anti-viral packages are more dangerous than caution and back-ups.
Dgrin FAQ | Me | Workshops
I accept that a Mac virus is a rare beast.
It's the spyware stuff I'm not so sure about.
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
Understood. I have heard nothing about Mac spyware...neither that they are a threat, a concern, nor had I ever heard of an app that dealt with them. That's how low on the radar it is.
Dgrin FAQ | Me | Workshops
I wouldn't get just a FireWire drive. It's never fun to try to use a drive to move big data and find out a computer doesn't have a certain connector. I have Macs and PCs, old and new, and so what works for me is both USB and FireWire connectors so that a drive is useful to any of my computers.
There is FireWire 400 and FireWire 800. Some say external SATA ports/cards will start to give FireWire 800 serious competition at the high end. Apple dropped the FireWire 800 port from the 15" MacBook Pro, but kept it on the new 17" MBP, which confused everybody. All Macs have FireWire 400 and USB 2.0 ports.
I agree, don't turn your back on USB 2, it's way too prevalent to ignore. But firewire is great, and preferable, IMO.
Dgrin FAQ | Me | Workshops
My newer external drives are both firewire and USB 2.0.
Thanks. I note that the test David posted was between FW 400 and USB 2.
My first Mac is a Macbook. Or it will be, when I finally get it! I only have one external that's both USB and FW. The others are USB only. Never thought I'd need FW!
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
Buy more now!!!!!!!!
If you decide you need it, you can always just buy new cases and move the drives. Easy peasy, and cheaper, too.
Dgrin FAQ | Me | Workshops
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
That might be because I have no idea how these things work.
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
Do I want Automatic Updates On?
I guess I need to download some virus software now. :cry
http://photos.mikelanestudios.com/
Thanks.
I am in the process of installing Firefox, Ad Aware SE personal and AVG free. The windows firewall is on and I am also accessing the internet via my airport which should have a firewall too. So am I safe enough? I am not checking email or surfing (outside of updates).
Hope you're maxing out the RAM (with cheaper non-Apple sticks). A friend bought a MacBook for non-demanding uses (Word, e-mail, web) and I took a look at its virtual memory usage and at the out-of-the-box 512MB RAM it hit virtual memory much more than I expected. If I were running Photoshop on one I would definitely go to 2GB as soon as possible and plug in a Photoshop scratch drive into the FireWire port.
http://photos.mikelanestudios.com/
only for V$AGRuH
No I will only go to known sites that I need updates for that I cannot access on the mac side. I will leave the internet connection on, just because it is a pain to turn on and off.
The only Windows update that came up was a publish update, I did not do it, since I am not using publisher.
Thanks for the info.
Thanks, The top one looks good, the price is right, but it is out of stock and unknown. I will keep searching. I am not in a big rush, but it would be nice to have a spare drive.
The biggest difference by far is that the Mac makes good use of its security infrastructure and Windows does not.
Notice that Mac malware was common prior to OSX. It disappeared. Why? It's not because the Mac lost marketshare; it's been growing ever since the release of OSX. The issue is that OS9, like Windows, provided no protection against the modification of system files. As such anything that managed to run at all could change the system to its heart's content. And people wrote software that did exactly that.
Windows, despite moving to a platform with inherent security in NT, 2K, and later XP, has continued to run most user accounts with full system privileges -- thus rendering the security infrastructure completely worthless.
It is possible to secure NT, 2K, and XP. In fact, I wrote a software package that did just that for NT3.5. The problem is that if you do this a remarkable amount of software will fail, having been written assuming full system privileges. This includes children's software -- which, to me, is total insanity. Microsoft's problem is that if they chose to turn on security they'd break a lot of software and they were having a hard enough problem getting people off of the unstable Win9x codebase. So they opted for loose security and we've all been paying the price for it.
The good news for Windows folk is that Vista will (supposedly) move to a security architecture very similar to OSX. In so doing we should see malware issues largely evaporate. It couldn't happen soon enough for me.
It will always be possible to write that malware because there are always bugs in operating system software. But with a locked-down system it becomes orders of magnitude more difficult. And that is why there are no known spyware applications on OSX, Linux, or FreeBSD yet Windows is completely infested.
By the way, it is possible to substantially improve OSX security with two simple changes. First, create an administrator account separate from the normal user logins. Second, disable administrator privileges for all other accounts. This makes a big difference because /Applications is otherwise writeable by user accounts, and that allows malware to modify applications therein. From that point it's a fairly short step to infecting the rest of the system.
The annoyance in doing this is that you will no longer be able to simply drop new applications into /Applications; you'll have to switch to the administrator account to do it. Apple was smart enough, at least, to have all system administration tasks authenticate if necessary ... so administration can still be done by random accounts, you just have to supply the administrator account and password.
jimf@frostbytes.com
See the follow-up msg posted a couple below that one... Firewire/USB2 combo coming later this month, but it's $99(!) for the enclosure. I'm sure other manufacturer's will follow soon enough.
ATA/IDE/PATA are pretty much all the same thing by different names. You just need the 2.5" size.
One advantage of FW external drives, is that you can boot from them if you have a duplicate copy of your system drive in OS X on the external drive, as with Super Duper for a B/U.
You cannot boot from a USB 2.0 drive on a MAC. You can just store data on a USB 2.0 drive.
Moderator of the Technique Forum and Finishing School on Dgrin
I saw that, just a little pricey.
So is SATA the one with a different connector?
Actually, this is changing. Reports on the Apple forums say that Intel Macs can boot off of a USB 2 drive.
Ah, frack. IE And Firefox Sport New Zero-day Flaw. It's more a phishing/data-harvesting type thing, but it's reportedly cross-platform and cross-browser.
my words, my "pro"pictures, my "fun" pictures, my videos.
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
What a great post! I'll see if I can figure out how to do that.
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
Yes, as of last week an XPSP2 install required 44 updates.
jim
jimf@frostbytes.com
Thanks. I will let them install.