security utilities for a new mac
 

a friend of mine is buying a new mac and I am looking at security software for their new mac, any recommendations
I have been considering MacScan, The DoorStop X Firewall, The DoorStop X Security Suite, INTEGO Security products, Norton. Does anyone have any reccomendations?
Thanks,
ttreewell

You don't need any of that. Require a password for login and when the screensaver comes on; turn on the firewall.
Don't install anything from the Internet whose provenance you are unsure of.

Bingo: virus-free and secure.

Quoting this for truth. Don't use a weak password, don't open up services you aren't using, turn the firewall on, keep your system and Web browser(s) up to date, utilize the security features of the Web browser(s) you have, and don't give your admin password to stuff you don't absolutely trust. If you want to run anti-virus software, avoid everything but this:

http://www.clamxav.com/

... and don't do day-to-day computing with the admin account. Use a standard non-privileged account for this. Note Mac OSX has fast-user switching which means it is easy to get into the admin account if it is needed.

Unchecking "Open safe files after downloading" option in Safari preferences reduces the risk of 'drive-by' installing by dodgy websites. Assuming the user uses Safari of course. I can't remember if this is now unchecked by default.

I would recommend Little Snitch for intercepting attempts by applications to 'phone home' but I use an obsolete version and can't comment on the latest version.

Looking at the screen shot for MacScan leads me to conclude that it is scare ware. You'd be hard pressed to find one piece of spyware on Mac (I don't believe any exists that you wouldn't have to deliberately install.) let alone 16!

Doorstop appears to be another firewall. It may (or may not) do a better job than OS X's built in firewall, but let's face it, a firewall can't protect you at all if you've opened services to the internet.

Intego and Symantec (Norton) have been trying to scare up Mac business for years, but there really isn't a need for them, unless you're behind a corporate firewall and need to protect the company's Windows boxes from inadvertently forwarded PC viruses.

AV software won't protect against new viruses until after they're discovered and defined, so I plan on waiting until there are real OS X viruses before installing any AV software. That's worked well for nearly eight years and still counting.

Here's the Macworld review of Macscan, verdict: Lame

I agree with the other posters. None of the above is my recommendation. If the Mac is behind a NAT router you are very safe generally.

Version 2.x is a work of art!
[i highly recommend]

-HI-

I'll pile on...you don't need security software on a Mac.

"You"? [sorta depends on the user... and what they do, doesn't it?]

I kind of like knowing when programs try to connect to the outside world.
I'm not saying anyone's Mac will explode, but it's nice to be informed and
aware of goings-on... not operating in continuous oblivious bliss.

Little Snitch is not just for the paranoid, but also the technically curious.

Agreed with HI on this one, as usual. To drive his point home, in a mixed platform environment, software like ClamXav may be necessary: it can detect Windows viruses and prevent your Mac from being a carrier of and transmission vector for malicious agents that degrade the security, stability, and performance of your network and devices on it.

Additionally, I'd consider a software-based firewall "security software", wouldn't you? :)

Let nature take its course. If Windows boxes remain highly vulnerable, they should be replaced, not protected by Macs.

You tell that to corporations with thousands of Windows computers. To replace all the Windows machines at some of the clients my company has, it would cost seven figures in total hardware replacement and deployment man-hours. Then you have to train your existing Windows help desk people in Mac OS X or replace them entirely. Now factor in fixing things that go wrong in a massive rollout like this. Do you really think this is a feasible solution?

What is the compulsion Mac users have to convert everyone, regardless of practicality?

Edit: Almost forgot to factor in lost productivity as your workforce learns a new operating system.

Having been both now a Windows and OS X sys admin now, I can safely say I do prefer the OS X side of things, however it is indeed not perfect. In all honesty, OS X also lacks vastly in several areas, one being mass printing. Their print server services are probably the worst in the market, and I men that on a serious level.

I deployed 5500 macbooks, and had to build a total new Mac back end to support it separate from our windows machines, and it took way over 7 figures to accomplish that, and I was hired on to help with the process. It is not an easy nor cheap task to migrate from one platform to another. My current work didn't spend money really to train anyone, they hired me and I am pretty much the go to guy for a lot of things and I train my team I work with. Though, I am not their supervisor or boss by any means (thankfully, not really wanting managerial responsibilities).

On topic:

All you need for any OS to be secure is the following, and security by the way is best practiced in layers.

1) Decent router with NAT support, SPI firewall, WPA encryption, strong passwords. Occasionally run spyware/malware/virus scans to clean up any junk files on your system or potential security threats.

2) Keep all OSes up to date and patched, use strong passwords

3) Keep all real sensitive data in an encrypted disk image, strong password, and DO NOT FORGET YOUR PASSWORD!

4) Try to use authentication as much as possible, ie, like a RADIUS set up, that way you won't get pegged with hits and scans from outside possible intrutders - lesson learned on one of our web filters at work.

5) Use good applicaitons, don't download codecs, plug ins, extras, etc from unknown sources. Don't open email attachments unless you scan them first - aka use common sense, and always protect yourself

6) Don't use crappy P2P software like Limewire, you are asking for it then and probably most likely breaking the law.

If you follow these basic steps and use your choice of OS, you will likely be pretty secure. I have had a windows box on my network since forever, and I haven't had any issues with viruses or spyware really ever - in like the last 8 years. This is because I take those basic steps on securing my windows box and not doing things that put my system at risk.

EVERY computer gets replaced at some point, so the cost of replacement is moot if you do it as that point arrives for each machine.

As for training help desk, if they need it, they should be replaced.

I'm not saying that you have to replace every Windows box with a Mac. There are other platforms. Of course, if you do replace a Windows box with a Mac, any lost productivity due to learning the new OS will be far out weighed by the gain in productivity after the adjustment, not to mention the security benefits.

True, but that doesn't mean it is more cost effective to completely change out your infrastructure. The down time alone to do that is very costly, consultants you hire to help smooth it out is costly, etc. If I have my server back ends set up I can cycle through many life cycles of desktops and laptops and not have to change my back end. Eventually, yes, I will upgrade my back end but that most likely does not coincide with the end user deployments, so it is more cost effective to keep the same platform.

I can see lots of ethical issues here, and some disdain amongst all the staff if you just up and lay people off and not training them. It can be way more cost effective to train them as well, since you have already invested money in the employee for their benefits and retirement. To start all over it could cost a lot more considering market, economy, inflation, etc.

This is a matter of opinion, some people do not like Linux, OS X, or Unix, they like and are comfortable with Windows. They are more productive on Windows. This is nothing but an opinion and far from fact, and comes down to the individual more than anything. I agree that a Mac is streamlined for some things, but even myself as a Mac user, find other platforms are more efficient at some aspects of plain old desktop productivity.

I prefer the Mac OS X side, too. I feel the administration and support is easier, overall, for a basket of reasons.

That's a good list, and if you follow it, you'll avoid most Windows support nightmares. A well-managed environment solves a lot of headaches. You still can't control weird vulnerabilities that crop up outside of your management control, but you never can. The overhead is, of course, the time investment to do all of it, but you need to do it anyway, so it's just the price of playing the game. Windows makes the time investment higher, I believe, but it's like thermodynamics:

1. You can't win. (You will always have security and management issues, regardless of platform.)
2. You can't break even. (Windows makes it more difficult as the number of users you support gets larger.)
3. You have to play the game. (You have to support Windows in the real world.)

If I could add to your list:

7. Support costs (time and money) for these problems are reduced dramatically by intelligent system image deployment. This goes for both Mac OS X and Windows. There are good tools for both platforms that act like headache pills when something's gone awry on a user's machine and you need to fix it Right Freaking Now. You also can configure your standard image(s) to have all your AV, firewall, etc setup ready to rock immediately, reducing configuration time and errors.

Every machine gets replaced at some point, but not all at once. And when they get replaced, it's far, far, far easier to replace it with something identical or similar. Gradual migration is feasible, but you can't justify up-and-replacing a million dollars of gear and supporting infrastructure. Even a gradual migration is a complex, difficult task.

This is not always true. The time and cost investment of replacement and deployment of environments does not scale linearly in comparison to single (gradual) shifts. Replacing a hundred machines and adding/altering infrastructure and policies to support the replacements has greater potential for problems than a few at once over a given period of time.

This is a terrible, short-sighted thing to say. It suggests to me that you've never worked with good deskside support teams before. You're basically saying, "We're gonna buy Macs! You Windows guys can screw off because you don't already know Mac OS X and we don't think you can learn it! SORRY! You're useless to us!"

Doesn't even matter if that's true or not, or even what you're really saying. That's how it sounds. Good luck floating it past management. Also, good luck getting anything but dirty looks from other employees who liked the Windows help desk people that just got cut because you wanted to buy Macs. You aren't going to help morale by replacing everything and getting rid of people.

Good help desk people are invaluable assets. If you switch en masse, you must accept the weight of your help desk potentially requiring training time for your new systems and infrastructure changes. If you decide to replace the help desk, you then must accept the time and cost of the new people learning the remainder of the existing environment and the new changes you designed and rolled out. You're training help desk people in your new stuff either way.

You're living in a complete Mac zealotry fantasy world. It's just not as simple as "replace all your Windows stuff with Macs".

I have dealt with good deskside support teams. They were Mac based. They did know about computers though, so they also supported Windows.

I'm saying that if you're in IT, especially support desk, your job is to support computers, NOT just Windows. If you can't do your job, you should get another one.

I apply the same philosophy towards computers: let the strong survive, and kill off the weak, highly vulnerable systems. Think of it as a free market approach, if that helps.

This is the most Slashdotty stuff I've ever seen on these forums.

It is unreasonable to call your help desk weak and fire them if you're a Windows shop and your help desk is dedicated Windows support, and then you switch everything to Mac OS X and they require training in the new systems, environment, and infrastructure you just rolled out.

Seriously, man, zealous fantasyland.

There have been a number of off-topic posts recently in this thread. This thread is about recommendations for security software for Macs. It is not about how to transition a company to Macs or what the benefits of Mac are, etc.

Please desist with the off-topic posts.

Who said this had to happen overnight? I've never seen any transition happen rapidly, so where do you get the idea that a transition to Macs would occur so fast that the help desk wouldn't be able to keep up?

Also, are the PCs at your work using different cabling and switches than the Macs? Is it suddenly not possible to have a mixed environment? :eek: