The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
-   -   How can I detect a keylogger on MY system? (http://hintsforums.macworld.com/showthread.php?t=66971)

trevor 08-24-2009 06:00 PM

Quote:

Originally Posted by SirDice
But most AV can at least protect you against known attacks.

But antivirus software doesn't protect you against anything at all, not even known attacks. All it does is cleanup known attacks from your hard drive after they've already come, or at best cleanup known attack programs from emails that are already on your computer.

Protections from viruses and some other types of malware are things like Mandatory Access Control (weren't you just talking about this in another thread recently?) and MLS operating environments. But not AV software.

Trevor

cwtnospam 08-24-2009 06:11 PM

Quote:

Originally Posted by SirDice (Post 548505)
Prevention is always better than a cure.

Not if the prevention is more costly than the illness, in terms of dollars spent on the software and $$ wasted time $$, both computer and human.

There are many examples in medicine where the risks and costs of taking a particular vaccine outweigh the risks and costs associated with the disease it may (or may not) protect against. Autism due to vaccinations is one that recently made the news.

fazstp 08-24-2009 07:13 PM

Quote:

Originally Posted by cwtnospam (Post 548515)
Autism due to vaccinations is one that recently made the news.

OT but I think any link has been pretty much ruled out.

MajorMinor 08-24-2009 11:51 PM

Question for the experts here - I have been checking out AppleScript, so would it be possible for Mac Attck's - OP - boyfriend to write a script that sent a copy of any email opened by Mac Attck to another address and, secondly, I guess that it would not be picked up by Little Snitch if one had LS installed.

cwtnospam 08-24-2009 11:58 PM

You could do that with a Rule in Mail. No need for any script. Of course, it would only be hidden in plain sight. ;)

SirDice 08-25-2009 03:20 AM

Quote:

Originally Posted by trevor (Post 548510)
But antivirus software doesn't protect you against anything at all, not even known attacks. All it does is cleanup known attacks from your hard drive after they've already come, or at best cleanup known attack programs from emails that are already on your computer.

Not true. http://en.wikipedia.org/wiki/Real-time_protection

Quote:

Protections from viruses and some other types of malware are things like Mandatory Access Control (weren't you just talking about this in another thread recently?) and MLS operating environments. But not AV software.
MAC would help but not as much. A user still needs to be able to do things. Anything a user can do malware can too.

EatsWithFingers 08-25-2009 04:12 AM

Quote:

Originally Posted by SirDice (Post 548566)
MAC would help but not as much. A user still needs to be able to do things. Anything a user can do malware can too.

Very true. The problem, as far as I see it, is that pretty much every OS still views the Internet as a domain on an equal integrity footing as the user's computer. As such, Web browsers are run with the same privileges as the user. In my view, Web browsers should have a lower level of privilege and then browser-borne exploits would be greatly reduced (since malware would have lower read/write/execute privileges than the user*, and similarly for code run by the browser itself).

*yes, this won't prevent social engineering attacks

EDIT: hell, make all programs have lower permissions than the user, with file open/save dialogs (done via OS APIs) have implicit user authentication built in. Basically, treat every program like a separate user in a traditional MLS system.

trevor 08-25-2009 01:08 PM

Quote:

Originally Posted by SirDice (Post 548566)

Yeah, you're right, some AV apps claim to do that, but they do it in a very shoddy way. (More here, here, and several other places).

Is the 'treatment' worse than the cure?

Trevor

SirDice 08-26-2009 03:10 AM

The problem with most current AV is that they work on a signature basis. As soon as a few bytes of the malware change, the signature changes. Since malware makers push out variants like there's no tomorrow, signature-based AV can't keep up. Meaning you run the risk of false negatives.

The other side is using heuristics. That will look at certain 'questionable' code. When code like that is detected the file is flagged. The downside of that is that that 'questionable' code can sometimes appear in normal executables. This results in a false positive.

Unfortunately there's no panacea and there probably will never be. Currently the best malware detector is the person sitting behind the computer. Don't believe for a second that just because you use a Mac you will never, ever, get infected. Times are changing.
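The false-negative/false-positive trade-off described in the post above, as an added example that is not part of the thread (constructed byte strings stand in for files; the "signature" is a SHA-256 of the whole file and the "heuristics" are two regex rules, both chosen here purely for illustration):

```python
import hashlib
import re

# Constructed sample "files" (plain byte strings, not real malware):
# a sample the vendor has already seen, a variant with a few bytes changed,
# and a benign admin script that happens to contain a "questionable" string.
KNOWN_SAMPLE = b"MZ\x90\x00 payload v1: open /etc/passwd; connect evil.example\n"
VARIANT      = b"MZ\x90\x00 payload v2: open /etc/passwd; connect evil.example\n"
BENIGN_TOOL  = b"#!/bin/sh\n# admin audit script\ngrep root /etc/passwd\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database: exact hashes of samples the vendor has already analysed.
# Any change to the file, however small, produces a different hash.
SIGNATURES = {sha256(KNOWN_SAMPLE): "Example.Known.A"}


def signature_scan(data: bytes):
    """Exact-match detection: returns the signature name, or None if unknown."""
    return SIGNATURES.get(sha256(data))


# Heuristic rules: byte patterns that "questionable" code often contains.
# They survive byte-level variants but can also appear in legitimate tools.
HEURISTICS = [
    (re.compile(rb"/etc/passwd"), "reads password file"),
    (re.compile(rb"connect\s+\S+"), "makes outbound connection"),
]


def heuristic_scan(data: bytes, threshold: int = 1):
    """Flag a file when at least `threshold` rules match.

    Returns the list of matched reasons (empty list means not flagged).
    Raising the threshold trades false positives for false negatives.
    """
    reasons = [why for rx, why in HEURISTICS if rx.search(data)]
    return reasons if len(reasons) >= threshold else []


def classify(data: bytes, threshold: int = 1) -> dict:
    """Run both detectors so the two failure modes can be compared side by side."""
    return {
        "signature": signature_scan(data),
        "heuristic": heuristic_scan(data, threshold),
    }


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("benign", BENIGN_TOOL)]:
        print(name, classify(blob))
```

Running it shows the variant slipping past the signature check (a false negative) while the heuristic still flags it, and the benign script being flagged by the same heuristic (a false positive) until the threshold is raised to two rules.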

benwiggy 08-26-2009 05:31 AM

Interestingly, Snow Leopard is reported to come with some built-in AV features.

Quote:

Originally Posted by cwtnospam (Post 548515)
There are many examples in medicine where the risks and costs of taking a particular vaccine outweigh the risks and costs associated with the disease it may (or may not) protect against. Autism due to vaccinations is one that recently made the news.

OT, but: Autism as a consequence of vaccinations was a media scare, not a medical evaluation. There is no scientifically proven link. The only guy who claimed there was a connection has been shown to be a kook with an axe to grind.

SirDice 08-26-2009 05:49 AM

Quote:

Originally Posted by benwiggy (Post 548749)
Interestingly, Snow Leopard is reported to come with some built-in AV features.

AFAIK it comes with some additional features that would make exploiting a bug successfully more difficult. Known tricks other OSs have used for decades. Solaris/SPARC, e.g., has had a non-executable stack since 2.6. They won't make it impossible, just a bit more difficult.

cwtnospam 08-26-2009 09:27 AM

Quote:

Originally Posted by benwiggy (Post 548749)
OT, but: Autism as a consequence of vaccinations was a media scare...

Or a corporate cover up like cigarettes and cancer, lead paint and brain damage, DDT and its health issues, and the list goes on...

cwtnospam 08-26-2009 09:29 AM

Quote:

Originally Posted by SirDice (Post 548750)
They won't make it impossible, just a bit more difficult.

:rolleyes: So because it's not impossible, we should all act as if the sky is about to fall and go out and buy AV software! :rolleyes:

SirDice 08-26-2009 10:25 AM

Quote:

Originally Posted by cwtnospam (Post 548764)
:rolleyes: So because it's not impossible, we should all act as if the sky is about to fall and go out and buy AV software! :rolleyes:

No, that's not what I'm saying. What I am saying is just because you use a Mac you're not invulnerable. Unfortunately, a lot of Mac (and Linux) users seem to have that mindset. Bugs exist and will get exploited, despite the security features. And a lot of the current malware doesn't even abuse any bugs.

A lot of people view an AV as some sort of inoculation. Once they have an AV running they think they can click on anything. This is simply not correct, an AV is a tool to aid in the detection of malware and should be used as such. You still need to be careful of the things you run.

cwtnospam 08-26-2009 10:52 AM

Quote:

Originally Posted by SirDice (Post 548776)
No, that's not what I'm saying. What I am saying is just because you use a Mac you're not invulnerable...

And I'm saying that AV software does not make you any less vulnerable. On the contrary, it creates a false sense of security as you've pointed out. So when you say:
Quote:

people not versed in all the malware techniques, which I assume most users are, would find it beneficial.
what you're really saying is that by spending money on AV software neophytes somehow find a false sense of security to be beneficial!

The reality is that AV software merely shifts the bulk of the liability from the OS provider (where it belongs) to the users (where it doesn't belong*) while adding extra costs for the users.

*Please spare me the: can't protect users from themselves argument. That one is spread far too thin to cover for example, the millions of bots sending spam at this very moment. It also is demonstrably false because successful attacks on Macs are nowhere near as high as they need to be to account for market share.

SirDice 08-26-2009 01:36 PM

Quote:

Originally Posted by cwtnospam (Post 548783)
what you're really saying is that by spending money on AV software neophytes somehow find a false sense of security to be beneficial!

No, I'm saying that users who are not versed in malware techniques can at least get a warning something bad is happening. As opposed to no warning at all and ending up as a zombie.

Quote:

The reality is that AV software merely shifts the bulk of the liability from the OS provider (where it belongs) to the users (where it doesn't belong*) while adding extra costs for the users.
No, it's the user's responsibility. The OS cannot protect a user from being stupid (or naive). Try, as root, rm -rf /, did the OS try to stop you? The only way to achieve that would be to create a system with a set number of functions and no way for a user to ever expand or change any of it.

Quote:

*Please spare me the: can't protect users from themselves argument. That one is spread far too thin to cover for example, the millions of bots sending spam at this very moment. It also is demonstrably false because successful attacks on Macs are nowhere near as high as they need to be to account for market share.
When you send a file to a random person you still have a 90% chance of that person running Windows. Only 1 in 10 would be a Mac. If I was a malware writer trying to make big money, guess which system I would choose. It's all about statistics.

cwtnospam 08-26-2009 02:50 PM

Quote:

Originally Posted by SirDice (Post 548819)
No, I'm saying that users who are not versed in malware techniques can at least get a warning something bad is happening. As opposed to no warning at all and ending up as a zombie.

No, you're saying that they might get a warning, which is what sets them up for a false sense of security.
Quote:

Originally Posted by SirDice (Post 548819)
No, it's the user's responsibility. The OS cannot protect a user from being stupid (or naive). Try, as root, rm -rf /, did the OS try to stop you? The only way to achieve that would be to create a system with a set number of functions and no way for a user to ever expand or change any of it.

:rolleyes: :rolleyes:
Yeah, and if I drop my Mac in my swimming pool, the OS won't protect me from my actions there either. So what?

Quote:

Originally Posted by SirDice (Post 548819)
When you send a file to a random person you still have a 90% chance of that person running Windows. Only 1 in 10 would be a Mac. If I was a malware writer trying to make big money, guess which system I would choose. It's all about statistics.

Please! There are zero successful attacks on Mac users. Notice that I didn't say there were zero attacks. There have been several. None of them could be called successful, unless you count generating "news" stories a success. Or maybe you think that a proof of concept is a success, even if the concept has always been accepted as fact!

SirDice 08-26-2009 03:10 PM

Quote:

Originally Posted by cwtnospam (Post 548840)
Yeah, and if I drop my Mac in my swimming pool, the OS won't protect me from my actions there either. So what?

Err.. Liability? How does that compare to running an executable downloaded from the web? You are the one that decides to run it, not the OS. The OS won't stop you from running it. Yeah, yeah, you need to type in a password to install anything really deep into the OS. So what? Given enough social engineering I'm quite sure a small percentage will actually type in that password without questioning it. Then who's to blame? The OS or the user?

Quote:

Please! There are zero successful attacks on Mac users. Notice that I didn't say there were zero attacks. There have been several. None of them could be called successful, unless you count generating "news" stories a success. Or maybe you think that a proof of concept is a success, even if the concept has always been accepted as fact!
Successful by which standard? A single successful attack or do you call successful a news item that says XX number of hosts are infected?

How do you know it has never happened and nobody was ever infected?

Just because you don't see it happening doesn't mean it doesn't exist.

cwtnospam 08-26-2009 07:58 PM

A single attack on a single computer is insignificant, unless it's yours and therefore not successful.

Wake me when you know of a successful attack. In the meantime, I'm done here.

ArcticStones 08-26-2009 11:57 PM

This looks interesting!
I also wish Apple would integrate Little Snitch into their OS. Great software!

