Virus Protection
 

Hi All


Just wondering how many use virus protection on their Macs ?


Cas

I do on all my Mac and all the Macs I support. But not because there ARE any viruses (there aren't), it's a stop-gap measure for that day when one actually appears.

I very rarely run ClamXav. I don't see it as preventative, since if a Mac virus were to be written it wouldn't find it until sometime after it had been discovered and defined. Running it regularly would only help to protect PC users, and I'm not doing that unless they pay me. :p

do a search for more info...but the concensus here is around ClamAV. It's the virus scanner that Apple is including with OS X Server.

ClamXAV has a nice gui wrapped around it.

I have it installed to comply with security requirements. The requirements I have to meet are set by a very conservative IT department, and insisted that I install *some sort* of anti virus software.

It always amazes me how so many people heading up IT departments have so little knowledge about computers. Honestly, if every PC in a company has AV installed, what purpose could having it on a Mac possibly serve? Are they convinced that a Mac virus is due out in the very near future and they want to save the ten minutes required to download, install & update AV software when it does? :eek:

Seeing how there aren't any viruses, how there aren't likely to be any viruses, how any viruses that somehow manage to emerge would get fixed by a Software Update from Apple in less time than most antivirus vendors are capable of pushing definition updates, and how AV software is guaranteed to use up resources for no good reason (and probably crash and do other nasty things)....

Well, this is definitely a case where the cure is worse than the disease. Just say, ``NO,'' to Mac AV.

Cheers,

b&

LMAO, one time the SAN went down and they came running to my desk.

dumb_admin - "Did you connect to the SAN"
me - "yeah"
dumb_admin - "What did you do!?! It crashed hard. Don't connect again"
me - "um...all I did was copy a few files to it"
dumb_admin - "Yeah, but we're not sure how the Mac..."

at that point I just tuned them out. They thought me connecting to their SAN with one Mac took the entire thing down.

Even after they determined it wasn't the Mac that crashed their system, they made me move my files off the production SAN, and onto the development SAN. idiots.

They claimed that it was me who told them that the Mac didn't play well with SMB/CIFS. All of the documentation I sent them listed issues on the client side. Nothing I found, or have ever heard of, would lead me to think that a Mac could crash a SAN through normal daily usage.

Well a journalist on BBC called the mac community 'smug about security'; he unleashed quite a torrent of replies on that one http://news.bbc.co.uk/2/hi/technology/4620548.stm

And if you did crash it, you did them a favor. They have a broken SAN if a client can crash it, and need to fix it.

I run no AV software on any of the Macs I support. It's pointless. If there is a virus, there won't be an existing definition file for it, so it won't do any good anyway.

So is running the active scanner a waste of memory then. I am fairly new to Macs and have been running the AV everynight thinking it was a good thing. I've always heard that there is no virus out there but, well, yeah????

Not so much a waste of memory as a waste of processor cycles. I prefer to give any extra cycles on my system to a distributed computing project like seti@home, or one of the medical projects like d2ol or folding@home.

hahaha good points...both of them.

I stopped the active scanner and looked up the folding@home. I downloaded the "increase" thingy and started folding. This maybe a dumb question but do i have to be connected to the internet while this thing is "FOLDING" or can i just let it run while not connected. I have no idea how it works but it seemed like it goes to good cause.

thank you

Yeah you don't have to be connected for it to fold, but it has to be connected to send back data and receive a new set of data to crunch on.

Awsome, thank you! I take my comp to work with me and can't be connected all the time. thank you very much

also my friend just bought a new iBook and is very worried about getting a virus. So is he stressing out for nothing then? Or could it benefit him to get an AV.

Yeah, he's worrying over nothing. It's not like he has a small chance of getting a virus. There are none. There is not 1 virus for OS X that has ever been reported. Not one.

This is the hardest step for switchers.

I know it was for me. I still have the itch every now and then to fire up AV software...but then i shake my head and realize i don't have to deal with that crap anymore, and move on to playing with iLife '06 and Photocasting ;)

well thank you again. I have a lot to learn about Macs yet so you have been a big help for me.

I never found an AV that doesn't have negative impacts on system performance all the time, even when not scanning. They are garbage; with good reason, since they do nothing on a Mac. This would be even worse on an iBook or older machine.

Yeah, the only time i have ever experienced a kernel panic was because of NAV 9.0. I had two in one week, did some research and uninstalled it...and poof...haven't had a kernel panic since (this was in 2003)

You're certainly welcome.

Welcome to the Mac community, and come to the forums if you have any other questions...someone here always knows the answer ;)

I think the chances are me being the first to get a virus are pretty slim.

I agree. But that would seem to be an argument for not running an AV program at all - until you hear of the existence of an OS X virus.

I guess that what running an AV program does for you is that it relieves you from the need of keeping up on OS X news (but you probably do that anyway!) since the AV program's automatic update feature would find out about the existence of an OS X virus. So that's an arguably good reason to have an AV program installed now - in advance of any OS X viruses.

But if that is the only feature that you need, it should be possible to configure the AV program to not bother running any scans until an update tells it that an OS X virus now exists. In fact, it should be possible to only install the update feature and avoid all the other downsides of AV programs.

Well, I can tell you I'm not going to run around installing AV software on 250+ Macs when it happens. :)

But that's the whole point I, at least, have been trying to make.

You won't have to.

Every virus ever written has taken advantage of a programming error--a bug. Many of the bugs have been design flaws rather than ``oops'' errors, but they're bugs nonetheless.

The solution to stopping viruses isn't to run antivirus software to catch viruses in the act or after the fact. The solution is to write well-designed and well-written code in the first place (which Apple, largely, has already done) and to promptly fix bugs as they're discovered (which Apple has a very good record of doing).

It's all but guaranteed that, in as much time as--if not substantially less than--it takes the AV people to come up with a signature file for the first Mac virus, Apple will have released a patch that fixed the bug that the virus relies upon.

So, really, it's fair to say that OS X ships with anti-virus software pre-installed (the well-written code that makes infection in the first place infeasible) and they offer, free with every Mac, an anti-virus update service (Software Update) that's pre-configured to check for new viruses and install active defenses regularly and nearly automatically.

Cheers,

b&

*DING* We have a winner.

Remember that Windows was written 15 years ago when no PC connected to the internet and it was assumed that all users could be trusted. There are features (like the recent WMF vulnerability issue) that have existed in Windows since then.

In other words, the code was written with CONVENIENCE in mind but not security. Patching that up is just about impossible. What MS should do is what Apple did--scrap it all and start over. That's the only way to be secure.

Yes, but then they lose their one and only advantage, since a system designed that way wouldn't run most of the software available for current Windoze variants, let alone legacy systems. They're really in a bind, and I don't mind admitting that I'm loving it. :D It couldn't happen to a nicer company.

Of course. It would prompt people to look at alternatives. That's why they won't do it. Simple and cheap, that's the American consumer's choice.

Regardless.. I'm STILL going to ****ing run AV software on all these boxes. Call it paranoia, I don't care. It's running and will remain so.

On reason to keep the AV software running, is let's say someone does create and release a virus for OS-X. Once it's out there and found out about, the AV company is going to get hot on updating their def's to beat it, and there's a decent chance that the def's will be updated before Yellow's company gets hit with the virus.

I'll bet that Apple patches before the definitions are available.

I am pretty confident there's a response plan at Apple for such a thing which includes all-night coding as needed. Think of the headlines it would make when it takes up to a month or more to patch some Windows vulnerabilities and Apple does it overnight.