Protect me from evil
March 5, 2009 7:30 AM

What security / anti-virus tools should I use to protect my Mac?

Currently I'm only using the security updates Apple pushes out and Little Snitch.

I'm a relatively new OS X user so I'm not sure what is worth using and what isn't. Specific software recommendations are what I'm looking for. Free / open source is always preferred. But if something is really useful and well made (like Little Snitch) I don't mind paying.

My one software-specific question would be what do you think of ClamXav?

I'm really not interested in safe browsing, phishing, etc. advice, or discussions of the superiority of various OSes' security.

Thanks in advance, you are the best Ask.Meatfilter!
posted by bytewrite to Computers & Internet (18 answers total) 4 users marked this as a favorite

You should not type your login password in if you haven't specifically asked some software to install. That's about it.
posted by odinsdream at 7:32 AM on March 5, 2009

It's kind of hard to say definitively which is best, since there hasn't really been a serious zero-day exploit yet to test the effectiveness of their responses.

Personally, I wouldn't pay a dime for Mac AV software. I use ClamAV from the command line - hadn't realized there was a GUI put together, may have to check that out.
posted by mkultra at 7:35 AM on March 5, 2009

To explain a bit more, take a look at the McAfee threat database for OS X, which turns up eight results, all of which require you to manually install, which will require you to type in your password. Many of these are bundled as part of pirated versions of popular software, so if you download pirated software exercise caution, obviously.
posted by odinsdream at 7:50 AM on March 5, 2009 [4 favorites]

Don't bother. There's no reason to run AV on Macs right now.
posted by unixrat at 8:02 AM on March 5, 2009

Only type your OS X password during software installs you initiate, and use ClamXAV to scan files you may pass on to Windows users. That's about it.
posted by santaliqueur at 8:19 AM on March 5, 2009

Yep, there was just a recent study done on this (I hate when I lose links), and the consensus is that there is still absolutely no reason to buy/run AV software on a Mac. And furthermore, if you use Gmail or any other popular email service, that will scan files that you're receiving or passing around automagically.
posted by fusinski at 8:26 AM on March 5, 2009

Maybe I am just a bit paranoid but I can't be comfortable just not doing anything. I think what got me thinking about it was when I saw on a few blogs Apple recently started recommending anti-virus software be installed. Maybe Apple is just being overcautious or trying to push anti-virus software, I don't know.

I understand that the number of threats is limited at the moment but that doesn't mean things will stay that way. I guess I'll just make sure I have my machine locked down and keep an eye out.
posted by bytewrite at 8:38 AM on March 5, 2009

Apple almost certainly recommended using anti-virus software for the eventuality that someone installs a virus on their computer and tries to sue the company for claiming to be safe from viruses.
posted by Fleebnork at 8:43 AM on March 5, 2009

Did you even read the update?

Be smart*, don't install pirated/torrented software, and don't worry about it. Run ClamAV if you want but I don't even know what it would be doing. Will there be a point in the future where Mac users will need to start running AV? Maybe. But why waste your time on a threat that doesn't currently exist?

*Don't ever enter your password unless you know what you're doing it for and why.
posted by 6550 at 8:51 AM on March 5, 2009 [1 favorite]

It's not strictly AV but I'm a big fan of Little Snitch. I wish there was a non-ZoneAlarm equivalent for PC.
posted by zennoshinjou at 9:11 AM on March 5, 2009 [1 favorite]

zennoshinjou: I use the Comodo Firewall. I found it through some recommendations elsewhere on the web, and from what little I know about Little Snitch, it's very similar. </thread-jack>
posted by niles at 9:43 AM on March 5, 2009

You SHOULD be comfortable with doing nothing because there are simply no OS X viruses in the wild, and therefore purchasing anti-virus software is pointless because you cannot prevent what does not exist.
posted by fusinski at 10:40 AM on March 5, 2009

I run ClamXav (via ClamXav Sentry) on my early 2008 MacBook Pro (2.4GHz 4GB RAM) and it works well.
I set it up to scan my Documents and Downloads directory, so as I'm downloading things via Firefox or copying things to my Documents folder via Samba, it's scanning to make sure they're clean.

I do it more to protect my Boot Camp partition, any Windows Virtual Machines I have set up through VMWare Fusion and anything I might pass along to friends/coworkers via thumb drives or other removable media.
posted by Fiat124 at 11:10 AM on March 5, 2009

I run Symantec AV on my Mac, because my workplace requires all computers to have antivirus programs installed and running. In the two years I have worked here it has found exactly one virus, and that was a Windows virus on a USB drive.

Thanks to Microsoft's removal of VBA in Office 08 I don't even have to worry about macro viruses!

However, even if it weren't required, I would still run AV software. Why? It's a courtesy. My house may be locked, but if I see someone breaking into the neighbor's place I'd call the cops. If you share documents or resources with others who don't use Macs, it's polite to be certain that you aren't passing along viruses in the process, even if you're immune. Some people don't like the overhead, but hell, my laptop has 4 gigs of RAM, so I don't feel like I'm overtaxing it by running AV.

Other than that, I run WaterRoof to give me more options for my firewall. And usually I keep my system in stealth mode behind a Linux server/router, which is itself configured to reject any nonsolicited traffic except on a very small number of ports, all of which are monitored for intrusion.

When I'm not behind the router, especially if I'm on an unsecured wireless network, I use Shimo to handle VPN connections or SSH tunnels through my server.
posted by caution live frogs at 11:30 AM on March 5, 2009 [1 favorite]

Maybe I am just a bit paranoid but I can't be comfortable just not doing anything.

I'd like you to try out something. Go to any of the main anti-virus manufacturers and search their virus databases. First look for Windows viruses that infect your system without any user intervention. Count them.

Do the same search for Mac OSX. Count them.

The only legitimate reason to use AV on a Mac is if you want to catch instances of Windows viruses, which can of course not do your system any harm, but could cause harm to Windows systems if you moved those files there, as caution live frogs mentions. This is primarily why antivirus software even exists for Linux and Unix systems, because they're frequently used as mail or file servers for Windows clients.
posted by odinsdream at 11:40 AM on March 5, 2009

Maybe I am just a bit paranoid but I can't be comfortable just not doing anything.

Go outside. Find a pretty rock. Bring that rock inside and place it next to your Mac, and your Mac will not get any viruses - and you can feel that you've done something.
posted by dmd at 5:48 PM on March 5, 2009 [3 favorites]

I'm assuming you're new to OS X from previously being a Windows user. You should take time to learn the reasons why Windows has such problems with spyware and Macs do not. When you understand that, you'll understand why Windows has such huge security issues.

The short version is that Windows gives access to parts of the system that Mac OS X does not. Super-techie types love this aspect of Windows because it gives them the ability to tinker with things that most of us wouldn't even have a clue about - but the downside is that hackers can do awful things by exploiting those parts of the OS. Also, Windows has a much larger user base, so hackers focus on it.

I've been using Macs since before there was an internet, and I've never had a problem with viruses, etc.

Now - if you want to protect yourself from evil, I'll give you a piece of advice. Buy a huge external hard drive. They're dirt cheap these days, so just suck up and do it :) ...then, buy a piece of software called SuperDuper! It's cheap, and it's awesome.

Basically, SuperDuper creates identical backups of hard drives that are bootable. Here's a how-to. Personally, I think SuperDuper is better than Time Machine in terms of saving you from catastrophe because if a drive fails, you've got a duplicate that is only a day or two out of date (I back mine up three times a week automatically). I had a drive flake out recently [cough - due to something dumb I did while tinkering with Ubuntu - cough - 100% my fault]. I had nothing to lose since I had a clone of how my HD had been before I did the dumb thing :)

P.S. Welcome to OS X.
posted by 2oh1 at 10:59 PM on March 5, 2009 [2 favorites]

Honestly, I think Anti Virus is a loser technology. In a sense, it's trying to solve the Halting problem. This means you can get close but never perfect. You'll always be at the mercy of poorly written software.

As long as you balk at the expense of writing secure software, you'll be in jeopardy. The costs are not just dollars, but also features delivered to you at a slower rate, and maybe even less "powerful" software.
posted by pwnguin at 2:21 PM on March 31, 2009
