yARN: Hands up, who's in favour of antivirus

Modern AV has gone beyond simple pattern matching and uses multiple techniques in order to detect malicious code.

One of the most heated arguments you’ll hear within the Mac community is whether or not “antivirus” software should be used.

I use quote marks because that’s still the most frequently used term, even though things have moved on and such software detects a wider range of malware than just viruses. In some cases it addresses non-malware threats, but AV is a convenient abbreviation.

The anti side typically points to the scarcity of Mac malware and the difficulty of producing malware that can slip under the operating system’s defences without the user noticing. They also tend to assert that AV puts an unnecessary load on a system, though that’s usually based on experience from an earlier era when Macs had a small fraction of the performance of today’s systems and the AV software hadn’t been through so many cycles of optimisation.

Another somewhat outdated view is that AV can only protect against known malware. Modern AV has gone beyond simple pattern matching (largely in order to cope with the huge variety of Windows malware) and uses multiple techniques in order to detect malicious code.

Those favouring AV - and I should reveal that I’m in that camp - agree that while there are no actual viruses affecting OS X, there’s enough malware around to make it worth adding to the protection that Apple has built into the operating system such as XProtect (the old school definition-based blocker that gets updated after a major outbreak), Gatekeeper (which displays a warning the first time you run a piece of unsigned software), and the restricted rights granted to non-administrator accounts.

It’s all very well to say you can spot a Trojan when you see one, but a single variant of the Flashback malware infected more than 650,000 Macs in April 2012. The exact effects of Flashback varied between variants, but included password stealing and click fraud. Crucially, some versions installed completely invisibly: there were no fake Flash update dialogs, no requests for an admin username and password - Flashback installed silently if you visited a web page that had been designed or hacked to deliver it. Yes, it did exploit a Java vulnerability and not all Macs have that installed, but Java isn’t an especially exotic piece of software.

Modern malware gives no obvious indication that a Mac has been infected. That’s a survival characteristic: stealthiness means the user is unlikely to notice that anything’s wrong, so the malware can remain on the computer quietly dribbling out spam or phoning home when it captures a new set of credentials. Without AV software, how do you know there’s a problem? In some cases the tech media publicises the names and locations of files associated with malware, but that probably doesn’t come to the attention of the average user. (Conversely, if you do experience a problem with a Mac it is unlikely to be related to malware.)

These ruminations were prompted by the latest Mac Security Review from AV-Comparatives (http://www.av-comparatives.org). This report tests various aspects of eight packages including Kaspersky and Sophos, but not Norton or the programs available from the Mac App Store. The latter may have been a deliberate omission, as Apple’s requirements rule out security software that performs on-access/real-time scanning. In my opinion, AV that only tells you when you’re already infected is very much second best to software that can detect malware before it has a chance to run.

The good news is that seven of the eight provided 100% detection of AV-Comparatives’ collection of Mac malware, and six provided 100% detection of “very prevalent” Windows malware. Passing Windows malware to a colleague or client is best avoided, and that’s another reason why you may want to install AV on a Mac.

I would be happier if the Mac Security Review placed more emphasis on the products’ ability to detect phishing attempts, as in my experience a dodgy email is more often an attempt to steal your credentials for a web site (especially Internet banking) than to install malware on your computer. Only three of the packages passed what was arguably the most elementary test of phishing protection.

Again, a reasonably aware user may be able to spot phishing attempts, but is everyone that uses your Mac “reasonably aware”? Can you honestly say you’ve never clicked on a link in an email without first checking that it leads where you expected? Wouldn’t you prefer your computer to step in when you click on a link that takes you to a known phishing site? The Safari, Chrome and Firefox browsers include phishing protection, but apparently they all use Google’s Safe Browsing service. I’d feel happier with an additional line of defence from a security vendor: “That email has been quarantined because it links to a known phishing page.”
