Mac security
airfrogusmc
5th of September 2009 (Sat), 10:23
Got a question. What security should I get for my new Mac? I hear some say that you don't need it? Coming from PC and having lost a computer to viruses, I find this a bit scary.
Tony-S
5th of September 2009 (Sat), 10:24
None. I haven't had antivirus on my Macs since 1998.
airfrogusmc
5th of September 2009 (Sat), 10:30
None. I haven't had antivirus on my Macs since 1998.
Thanks Tony. So I really need nothing? Wow how cool is that?
Pete
5th of September 2009 (Sat), 10:32
There aren't many acknowledged viruses for the Mac, so buying an Anti-Virus program is both a waste of money (and the Mac's resources).
However, it's perfectly possible for the owner of a malicious web site to create a Mac compatible program that'll mess things up for you. So, if you happen to download what you think is a valid program (let's say it's a "plugin" that allows you to view videos), you get a dmg file and type in your password to allow it to install and run. Thus, your Mac is "infected" with a program that will either destroy data or collect and send information on your computer.
So, just use some common sense and consider what you're downloading and installing from web sites.
Also, it makes sense to make sure that either your router has a good firewall, or you enable the one on your Mac.
airfrogusmc
5th of September 2009 (Sat), 10:37
Thanks Pete.
Faolan
6th of September 2009 (Sun), 06:33
I'd look at it this way, how would you know if you're infected or picked up a drive by if you have no AV/Malware scanner installed on your system? How valuable is your data? Malware comes in many forms, through Flash, Java, JavaScript. One of the most dangerous browsers to use is Safari because of its security history. The last infosec report I read was that there were about 100,000 bots that were OS X 3 months ago.
OS X Botnet (http://www.networkworld.com/news/2009/041709-first-mac-os-x-botnet.html)
This Swarm was created in pretty much the same way PC Swarms are created: By user ignorance.
Apple is historically the worst for producing updates to critical flaws, including the latest Snow Leopard which leaves your system vulnerable with an older version of Flash player installed from new! Some will say Microsoft is, but they have had now for several years a patch Tuesday for the majority of critical vulnerabilities that are discovered.
People will argue the toss saying Apple is more 'secure' but it's not a secure OS, it's security by obscurity. Vista/Windows 7 is far more 'secure' than OS X, as it's got a stronger implementation of ASLR than even Snow Leopard's implementation. In many ways Apple have ignored the opportunity to secure/harden the system.
IF the situation arises that OS X becomes targeted for Malware, which is what 95% of PC infections are, then you're going to be faced with what Microsoft had to do with Windows XP.
Also Snow Leopard has a very crude Malware protection system which is barely worth the space it takes up.
To sum up I'll give the same advice I give Windows users:
Practice common sense, if it says an update to Flash; where is that update coming from?
Check the site credentials.
Learn what a scam e-mail looks like.
Learn to lock down your system.
Think before you Click.
Tony-S
6th of September 2009 (Sun), 09:39
The sky isn't falling (or should that be "Faolan"? :) ). I'll say it again, I haven't had antivirus on my Macs for over 10 years and have never had a problem. In fact, I don't know a single person with a Mac who's had any kind of malware. Don't steal software and you'll be just fine.
Pete
6th of September 2009 (Sun), 09:56
I heard some time ago that many hackers are teenage "bedroom" script kiddies that exploit through collaborative effort. They'll join a discussion board that publishes any minor success that someone might have, and then other kids will expand and exploit the vulnerability. Now, because these kids can't afford Apple hardware, they'll stick to PC architecture.
Granted, that doesn't mean that OSX is any more secure than Windows, it's just targeted less often.
Mac users are protected to a certain level by having the user supply a password whenever any software is installed. This approximates the functionality of the User Access Control that many people complained about in Windows XP ("why do all these pop-ups come up every time I install something?") - many people decided to turn off that feature and thus allow themselves to be exploited without their knowledge.
With both systems, common sense is the best defence - don't open attachments that you're not sure about, even if they're from people you know. And don't blindly install software that a web-site suggests you do, except when you're sure what the website is.
Faolan
6th of September 2009 (Sun), 10:37
Don't steal software and you'll be just fine.
You're blithely ignoring a major source of infections: Drive By. Sites visited with your browser, and for some of the more serious vulnerabilities no user interaction. The downgrade of Flash player in Snow Leopard leaves the system vulnerable to some nasty infection possibilities from drive by websites. Drive by attacks often target multiple systems and/or vulnerabilities.
Just because you don't know anyone without an infection on a Mac doesn't mean that there isn't any. How many have AV/Malware Scanner on their system? Probably none, so saying that is a fallacy. It's like saying I don't know of any person on Windows that has an infection when they don't run the same protection. They just wouldn't know. Not all malware will cripple your system; many will only piggy back and log keystrokes/screenshots.
Hence the advice, use common sense! This is the advice I give any computer user from Linux to Apple. I'm being realistic about the OS and not spreading FUD as you imply. If you want to stick your head in the sand so be it.
These days it's now the work of organised gangs that look to steal information for identity theft, spam relays and DoS attacks. These are three of the main purposes for Bot Nets.
@Pete
UAC first appeared in Vista not XP, which is one reason why people hated it so much... Ironically the UAC in Ubuntu is far more intrusive! Vista also removed administrator privileges from the normal users which also helped reduce infections combined with Windows Defender and MSRT. But the downside is that badly written software that worked in XP didn't work in Vista... Mind you why the hell did they write a program that required administrator privileges to work?!
tommykjensen
6th of September 2009 (Sun), 10:43
The sky isn't falling (or should that be "Faolan"? :) ). I'll say it again, I haven't had antivirus on my Macs for over 10 years and have never had a problem. In fact, I don't know a single person with a Mac who's had any kind of malware. Don't steal software and you'll be just fine.
And in the almost 20 years I have used pc's and computers I have NEVER had any issues with virus, malware etc.
Tony-S
6th of September 2009 (Sun), 10:53
You're blithely ignoring a major source of infections: Drive By.
No, I'm ignoring it because of statistical probabilities. Right now, there's no need for antivirus software for Macs. That could change tomorrow, but I'm not holding my breath.
And in the almost 20 years I have used pc's and computers I have NEVER had any issues with virus, malware etc.
That's great, I'm happy for you. But this thread isn't about Windows malware, it's about the (nonexistent) Mac malware.
Faolan
6th of September 2009 (Sun), 11:15
Sophos 1 (http://www.sophos.com/blogs/gc/g/2009/06/10/mac-malware-adopts-porn-video-disguise/)
Sophos 2 (http://www.sophos.com/blogs/gc/g/2009/03/25/apple-mac-malware-caught-camera/)
Security Watchdog (http://www.security-watchdog.co.uk/2009/08/more-mac-malwar.html)
Mcafee White Paper (http://www.mcafee.com/us/local_content/white_papers/threat_center/wp_newappleofmalwareseye_en.pdf)
Server Watch (http://www.serverwatch.com/news/article.php/3825131/Mac-OS-Seeing-More-Malware.htm)
Enough said.
Tony-S
6th of September 2009 (Sun), 11:16
All exercises in futility. No worries for Macs.
basroil
6th of September 2009 (Sun), 12:01
Got a question. What security should I get for my new Mac? I hear some say that you don't need it? Coming from PC and having lost a computer to viruses, I find this a bit scary.
As with any computer, you should have a firewall and some sort of antivirus/anti-malware. And of course, you should make sure you don't go about clicking every link you see, that is the easiest way to get something, and 90% chance the cause of your other computer's death (with 9% getting infected from a Mac, and 1% by having your computer directly plugged into a modem without a firewall). Even if your computer doesn't show symptoms of infection, it can infect other computers you use.
No, I'm ignoring it because of statistical probabilities. Right now, there's no need for antivirus software for Macs. That could change tomorrow, but I'm not holding my breath.
That's great, I'm happy for you. But this thread isn't about Windows malware, it's about the (nonexistent) Mac malware.
Actually, quite the opposite... Many of the Mac users I know have at least a virus or two on their system (even if it doesn't do anything to their machines), and they can't use Google's document or Gmail because some things they upload are found to have a virus. Whether or not Macs show symptoms (there are some pretty nasty viruses/malware that attack OS X, but most only steal info, don't bog down the computer), there are attacks, and having the bare minimum of defense is needed (firewall, AV, personal restraint, though last is easier to avoid using the newer Firefox installs).
I heard some time ago that many hackers are teenage "bedroom" script kiddies that exploit through collaborative effort. They'll join a discussion board that publishes any minor success that someone might have, and then other kids will expand and exploit the vulnerability. Now, because these kids can't afford Apple hardware, they'll stick to PC architecture.
Used to be true a decade and a half ago, but nowadays it's more of organized crime (and even possibly some governments, though that will likely never be verified) rather than kids with free time. They still go after Windows, but that's because 95%+ of the world's computers run Windows at least part of the time.
Let's not turn this into a Mac vs PC thread now... Fact is, it is very unlikely his computer will be slowed down by a virus, but there are attacks (and growing as Apple's market share increases), so OP should be using safe computing practices. He can choose not to use AV, but we would then not be responsible if he does get a virus.
Tony-S
6th of September 2009 (Sun), 12:16
Actually, quite the opposite... Many of the Mac users I know have at least a virus or two on their system
Please name one OS X virus.
airfrogusmc
6th of September 2009 (Sun), 12:30
I didn't post this for it to become an us against them thing. I just needed some advice. Thanks for the advice Tony & Pete.
Mark1
6th of September 2009 (Sun), 12:31
Macs can easily run a naked system with no malware protection. 95% of the protection comes from the user anyway. Just simply don't go to bad sites or download things you are not 100% sure are from trusted sources. I have been running a naked Windows system for about 7 years and have not had a problem. But I behave myself on the internet. I will download and run a scan every now and then to be sure. But I have never had a problem. So if you are running a Mac I would not waste my time or money.
That said, I believe when the time is up for the Macs, they will fall in numbers never seen before. When the first virus or two that really know how to violate a Mac come around, there will be so few Macs that are protected that epidemic will be an understatement. So don't worry for now. But keep an eye on the ratings/reviews of the software. That way you know what one to get as soon as the outbreak happens.
airfrogusmc
6th of September 2009 (Sun), 12:32
Any thoughts on Mac Scan? Norton for Mac?
Pete
6th of September 2009 (Sun), 12:36
Any thoughts on Mac Scan? Norton for Mac?
I don't think at this point that an Anti-Virus program for the Mac is really needed. It'll just take up resources.
As noted, safe internet practices will protect you more than anything else, until there's a time that Mac-based malware becomes prevalent.
Obviously, if you read articles written by security/anti-virus websites, they'll suggest you buy such products. For the time being, it's the same as buying snow-tires in Arizona. It's not likely to snow there for some time...
airfrogusmc
6th of September 2009 (Sun), 12:43
Thanks Pete. Sounds like good advice.
mattyb240
6th of September 2009 (Sun), 16:21
Please name one OS X virus.
+1 that isn't a trojan or can't be solved with a flash update :)
Think before you click, simple as that. There used to be Mac viruses for previous versions but none for ages. Not saying they're perfect or immune. Just saying none at this present moment in time.
MaxxuM
6th of September 2009 (Sun), 18:31
The worst viruses in PC history were spread via common (and open) network ports. Ports that do not exist (in the same manner) on Macs. As a professional IT person on a team supporting a 10,000+ computer network I can honestly say Windows is only as secure as it is due to the diligence of Microsoft. If they didn't send out 1000+ security fixes every year for Vista, machines over the world would have crashed and burned long ago.
Mac ports are handled a bit differently than on PCs but they still must comply with standards, thus, it is entirely possible (and likely) that Macs can be conduits for spreading worms and viruses to PCs without themselves being infected. We find viruses on Macs on our network and they are generally spotted by the server AV software once they get on the network. Trojans are extremely prevalent on business networks due to Active Directory ports required to establish connections. Kids are also the most targeted population on the net because they use sharing programs, use obscure (cute) little programs passed along social networks and they generally don't know much about internet security.
So, what I would recommend is something like Little Snitch which is currently in Beta for Snow Leopard. It's a firewall and monitors just about all communication that goes across your computer. If you use VMWare/Parallels/Bootcamp I would get an AV program for a Windows install.
For those that say, I've never gotten infected. Well, all things being equal, you're in the minority. Just about everyone on the net is being sniffed out for open ports, malware/trojan installs and general openings. If you don't have a router (firewalled) you're very vulnerable if you don't have a real firewall/AV package. Vista's firewall is pretty simple and XP's is weak. All it would take for someone to enter your computer is anonymity and desire.
The second thing I would do would be to do some Google searches on safe internet practices and read up. ActiveX, Flash, Adobe Reader, false dialogue boxes, RPC port exploits, Svchost obscurity... the list of pitfalls is pretty vast. It's wise to know a little about it.
airfrogusmc
6th of September 2009 (Sun), 19:26
I have a firewall and a router. I also have Parallels and have several types of protection on the Vista side. So you would recommend Little Snitch for Leopard? I haven't upgraded yet.
MaxxuM
6th of September 2009 (Sun), 19:54
I have a firewall and a router. I also have Parallels and have several types of protection on the Vista side. So you would recommend Little Snitch for Leopard? I haven't upgraded yet.
If you want the 'comfort' of being able to see all connections to and from your computer then yes, I would recommend Little Snitch. It's very affordable and has a light footprint. I don't see any difference in Geekbench scores while it's on.
Is it necessary? It's debatable, but for the cost and the peace of mind I think it's well worth it. The beta version isn't complete yet, so it's going to hit on just about everything. It's a bit annoying, but in a day of surfing I've only seen it pop up twice because Microsoft's Hotmail certificate changed last night and VeriSign. Little Snitch leverages UNIX so it's a very small, yet robust firewall.
airfrogusmc
6th of September 2009 (Sun), 20:35
Thanks,
My Grandfather used to have a vacation place in Arroyo City.
MaxxuM
6th of September 2009 (Sun), 20:46
Wish I had a vacation home up north at the moment... darn hot down here.
airfrogusmc
6th of September 2009 (Sun), 21:05
Wish I had a vacation home up north at the moment... darn hot down here.
Yeah I could never understand my grandfather. He lived in Houston and spent a good deal of the summer way down in the valley. Like going from the pan into the fire.
airfrogusmc
6th of September 2009 (Sun), 21:27
Wish I had a vacation home up north at the moment... darn hot down here.
Are you in Brownsville?
MaxxuM
7th of September 2009 (Mon), 18:37
No, I'm in McAllen about 45 minutes away and 1hr from the beach :)
wlescall
7th of September 2009 (Mon), 20:20
Leopard Security Configuration Guide (http://images.apple.com/support/security/guides/docs/Leopard_Security_Config_2nd_Ed.pdf) from Apple. They have not yet posted one for Snow Leopard. This is a LARGE pdf file (240 pages).
iAMB
8th of September 2009 (Tue), 01:09
To be honest... I am still trying to find some sort of virus protection for my Mac. The fact that after a month of searching with no results, I think I am safe. Just of course watch what you are downloading and the websites you are on.
DDCSD
8th of September 2009 (Tue), 01:28
For the time being, it's the same as buying snow-tires in Arizona. It's not likely to snow there for some time...
Flagstaff Arizona averages about 8 feet of snow per year. That makes it the 8th snowiest city (Not including Alaskan cities) in the US.
I'd buy snow tires if I lived in that part of Arizona. ;)
airfrogusmc
10th of September 2009 (Thu), 23:33
No, I'm in McAllen about 45 minutes away and 1hr from the beach :)
I know McAllen. It's been YEARS since I've been down there but it sure is great country. My grandfather was right on the waterway and not far from the bird sanctuary.
iTimmeh
11th of September 2009 (Fri), 00:13
Don't buy anything. Macs are known for having very few viruses. And if you somehow managed to get a virus, you screwed up pretty bad yourself.
Viruses are all on you, not the computer. Just don't open every new thing.
WRCfan
14th of September 2009 (Mon), 02:48
You will need to give it your administrator password to install anyway. Be smart about what you are downloading and you will be fine.
I have been using a Mac for 8 years now, without any anti-virus protection, just keeping all my things backed up and have never had a problem.
Concorde Rules
14th of September 2009 (Mon), 09:10
15 years use here.
A Mac Pro and a Macbook Pro.
No need what-so-ever!
fr0natz
14th of September 2009 (Mon), 20:48
Figured I'd give a little input seeing how this is an interest of mine.
Macs actually have very bad security. OS X is behind on memory protections and necessary preventions for many types of attacks.
This actually changes between 32 and 64bit as well, not to mention the ASLR implementation is pretty off.
Just my .02, I'd run a Windows system far before I did a Mac if security were an issue.
basroil
14th of September 2009 (Mon), 23:48
If security was an issue, OS/2 FTW, nobody makes anything for that system ;)