The hoopla surrounding the Conficker worm has taken the computer security world by storm. Headlines predict doom and gloom on April 1 because researchers believe attackers will activate the worm, gaining control of millions of zombie personal computers running the Microsoft Windows operating system. Conficker is a moot point with both a patched Windows and anti-virus software. What about those who have opted for Apple computers running the OS X operating system? Everyone knows anti-virus software is obligatory on Windows but is it even worth the hassle on OS X?
Although there are far less exploits available for Apple’s OS X operating system, the system does have vulnerabilities just like its Windows brethren. Apple publishes operating system security patches on a regular basis just like Microsoft and other operating system vendors. The platform is not immune to vulnerabilities so do not be lulled in to a false sense of security.
While it may be far more attractive for attackers to wield their wares at Windows because of the exponentially larger install base, OS X is entirely capable of being owned. Sure, OS X is relatively safe, but does that mean you should take the risk and not protect your system with anti-virus software as you would on any Windows workstation?
There are hundreds of thousands of malicious programs, viruses, Trojans, worms and other dangerous wares targeting Windows while there are less than 200 known to target OS X. That is a substantial difference and one better understood when you think about what drives attackers – money. Most security experts would agree that it is far more profitable for an attacker to target the dominant operating system rather than wasting their time with the OS X peanuts.
The bottom line is this – OS X is just as exploitable as Windows, but the incentive to divert resources towards abusing vulnerabilities in OS X is just not yet there. Does this mean it is worthwhile to purchase and install anti-virus software for your Apple computer?
I could offer you a very simple yes or no answer, but I do not believe that will ultimately be valuable. So let me respond to my previous question with this: it depends on what type of user you are.
Anti-virus software is generally resource intensive and relies upon unreliable signatures in order to protect your system. What this means is that if a new virus is released today, it requires the Symantec’s and McAfee’s of the world to research the malicious code in detail to determine how to adequately protect your system. Everyone is completely exposed from the time the virus is released in to the wild up until the point at which the Symantec’s and McAfee’s of the world release updated virus definitions which target the signature of the new malicious code.
I find this entire process to be overly cumbersome, time consuming and ultimately pointless if you are a responsible computer user. Although I do computer security for a living, and I hold the so-called coveted Certified Information Systems Security Professional (CISSP) certification, I am telling you that you probably do not need anti-virus software on your Mac.
But again, as I said previously, the real answer is it depends.
If you consider yourself a responsible user and rarely visit web sites remotely considered malicious, are paranoid about opening email attachments and have an email provider which makes use of both server-side virus and spam filtering then chances are you do not require anti-virus protection. It is imperative to rarely open email attachments or engage in what security researchers consider risky online behavior if you opt not to protect yourself with anti-virus software.
If you do actively engage in risky online behavior then definitely use anti-virus software. What is risky online behavior defined as? If you frequent potentially malicious websites, such as those operated by porn vendors, torrent tracker sites or sites generally designed to circumvent paying for software or entertainment (ie. music, movies, etc.), then you require protection. These sites are generally riddled with malicious code just waiting to ruin your day.
The average OS X user who does not engage in risky online behavior will not need to run anti-virus software at this juncture. One of the important aspects of information security is weighing the risk vs. cost. In this case, the risk is not worth the cost to your pocketbook and system resources because the threat does not currently exist.
In due time the landscape will most definitely change, especially as OS X is adopted in the corporate world. As more big businesses start using OS X, the more the operating system will be targeted since the financial incentive will make it a potentially worthwhile venture.
In the meantime, and until that day arrives, revel in the knowledge that the best protection against the Conficker worm is your Mac!
Finally someone who can explain exactly why OS X isn't safer that Windows, it's always a pain to discuss these sort of things with Apple people :)
April 1, 2009 @ 23:15
I continue to say the following: I am the firewall.
People who get viruses are messing around in things they shouldn't. Mac or Windows. I haven't gotten a virus for a good year and half so far.
April 2, 2009 @ 02:07
Fair shout and something I've always maintained that if you browse safely then you've got very little chance of being exposed to nasties. Thank you very much Scott for going over this and it's really put to bed the little niggles I had.
April 2, 2009 @ 02:48
Not required. Had several macs for about 6 years now with no problems. Then again I don't use anti virus on my PC's either. I just know how to take care of them. Why would I put a program on my computer that is know to significantly slow it down? Doesn't that kinda defeat the purpose?
April 2, 2009 @ 07:42
I always use virus protection on my PC but never on my Mac. On the PC the performance hit is negligible while on the PC it is not noticeable – something is wrong with this picture methinks. If the Symantec's and McAfee's want to see adoption of their anti-virus applications for OS X then they better up their game!
April 4, 2009 @ 17:53
Personally I think it depends on your sensibility, but generally- no.
There's just not enough out there at the moment to warrant an anti-virus with the Mac platform. That is to say- you don't click Yes to every dialogue box and type your password in whenever a strange application asks you to. That's just plain common sense. As much as I ever do is run ClamXav once or twice a year, takes an hour or so while I grab my dinner and it always comes back negative. (Only time it hasn't was when someone sent me a Windows-only virus and it picked up on that.)
It's not just the general Mac reasoning that makes me say this. Apps like Norton for Mac are horrible for slowing it down. My brother picked up a MacBook via his University and had Norton pre-installed on it (long story) so I tested out Photoshop with and without it. Found that rendering and saving a large image was hugely faster (i.e. 30 seconds from 50 seconds) without Norton. It just slows down osx and therefore your machine's life.
I'm still wary of course, times do change. Snow Leopard has added in a number of extra security features ( http://blogs.zdnet.com/security/?p=1325 ) which should sort out various methods of attacks which have been used before, but I still keep an eye open for important updates.
April 2, 2009 @ 07:59
Yah, I was just thinking that it's been a while since a major virus was released, but then maybe I've been out of touch. And I was thinking that given the crappy economy this would be the ideal time to boost Symantec's and McAfee's sales by releasing the biggest and baddest virus of all time. Call me a cynic but big business has earned every bit of it's bad reputation, so I'm wondering just how big the staff is on their pro-virus team. After all, they would go out of business if all these malicious nerds with an attitude and nothing better to do stopped trying to take over everybody's computer. I've always wondered how it benefited them to do what they do, and it would make perfect sense if they were getting paid to do it. It's exactly what big government (e.g. U.S.A.) does. They create problems to justify their existence and expansion. Well, maybe I'm wrong and there really are a bunch of bored nerds out there with unlimited time and money who simply want to make everybody else miserable. Let's hope so.
As for my Mac, the biggest problem I get is Firefox sucking up all the memory and CPU. I actually installed McAfee's Virus Scan a while back but it never runs and I can't figure out how to make it do anything – probably a blessing in disguise. So I'll just leave it as is. And my biggest worry about viruses is that my mother might forward some infected attachment (she likes forwarding cool stuff that she gets from other people) in email and I'll be stupid enough to open it. But like you said, even then the possibility that it will infect a Mac is pretty low. And that reminds me – I must backup all of my important data immediately.
April 2, 2009 @ 13:50
Firefox is definitely a memory hog on OS X. It is one of the major drawbacks, thus leading to the allure of Safari, which has no problem remaining speedy while not endlessly sucking away your resources. I've noticed that if Firefox is not shut down every now and again then it will ultimately eat your system until there are nothing but crumbs laying on your desk.
April 4, 2009 @ 17:55
Really good points there. Big business has a hand in creating some of the viruses and an even greater hand in blowing them out of proportion. A couple years back a virus was traced back to the creator who claimed the music industry payed them to attach viruses to torrent files to deter people from stealing music.
April 5, 2009 @ 07:14
I've heard from multiple sources that the Conficker worm wouldn't be a threat to Mac users, thank goodness
April 4, 2009 @ 16:50
As an Information Security Officer with over 25 years experience I find your recommendation telling people not to use anti virus on the Mac irresponsible. I support over 900 Macs and 200 Windows computers and can tell you the the Macs not only are capable of being infected by root viruses but by numerous email viruses. Also, many use “parallel and/or VMware running Windows making them very prone to all the ills on the Internet. Additionally, even if you are a responsible web user, it is difficult to protect yourself from the crackers exploiting “sane” sites with exploits. We don't use Symantec for the reasons you state but use Sophos which is a Mac based anti virus. Unfortunately, it is a business software product and not sold to the consumer market.
It's okay to express your beliefs but the level of understanding of those reading your response varies too widely.
August 21, 2009 @ 03:50
Michael: I don't believe we're blanket-advising folks 'not to use' AV on a Mac. I think what we're doing here is weighing the requirement for installing AV on OS X against current security risks and doing so in layman's terms. If you're a user on a current version of OS X (not running Windows in Fusion or parallel), and you're patched, and you're not surfing pornography or downloading unknown files, then [as the article states] “you probably do not need anti-virus software on your Mac.”
Granted – installing AV software on any system is an ideal step toward strengthening your virus protection — if you can afford the cost for an AV application and its performance hit on your system resources.
Installing AV software for 900 corporate Macs [like your environment] is a no-brainer. Installing AV software on a single home Mac with a patched OS X is debatable.
August 21, 2009 @ 10:58
Yes, security applications are necessary in Mac OS.
July 27, 2010 @ 10:05
No they are not.
August 9, 2010 @ 13:32
” OS X is just as exploitable as Windows” You pretty much discredited your entire diatribe in this one statement.
August 9, 2010 @ 13:26
Nice way to just pick out eight words out of context. How about you read the entire statement and the “entire diatribe” rather than finding some piece that matches an argument you would like to make.
The average OS X user who does not engage in risky online behavior will not need to run anti-virus software at this juncture.
That is right there in the conclusion of the “entire diatribe.” Did you not read it on purpose? Also consider reading Rich's comment above for further clarity on our recommendation.
August 9, 2010 @ 21:44