Anti-Virus Software

Tanabe

Hi Folks,

What is the best anti-virus package to use for my mac?

Cheers!

Dont be at yourself

You don't really need one, if you ask me.

Rebeller

Tanabe wrote:

Hi Folks,

What is the best anti-virus package to use for my mac?

Cheers!

Since you're going to be interacting with the PC community at some stage (sending/receiving files) this means that you could act as a carrier for any PC virus or other malware.

It's a good idea to have an anti virus package installed on your mac to ensure that you're not passing on any unsavoury extras to your Windows friends.

There's no need to splash out on any bloatware like norton anti virus though. ClamXav (open source freeware) should be perfectly adequate for your needs. It's not quite as user friendly as your typical run-of-the-mill antivirus programme and does not have the ability to move/delete infected files. It will simply alert you to the presence of a virus and leave it up to you to do something about it.

There's a bit more work involved in setting it up to monitor your system effectively.

After installing and setting up I'd recommend downloading the EICAR virus test file (it's not a real virus just a file that is used to test the detection capabilities of anti-virus software) You should download several file types (text file, compressed file etc. and place themin various locations on your hardrive). Clamxav should detect them all and show a warning message. It isn't a virus so there's no danger of doing any damage to your system.

Info about EICAR is available here

You can get ClamXavhere

It might be a good idea to read the FAQ and documentation pages before installing.

uncle_sam_ie

Why use up valuable space, memory and CPU cycles to protect your PC friends. They made the choice to go with windows let them deal with it. All you need to do to keep your Mac safe is,
-Keep a firewall on.
-Make sure your system is always up to date.
- Run as a standard user not as Administrator.
-In the Safari preferences turn off "Open safe files after downloading"
- Right click or command click files to see what they want to open with. A downloaded jpeg wanting to open in terminal is a red flag.
-Keep up with the Mac new sites. If a major virus were to hit, the Mac community would be all over it. They'd come up with a fix quicker the any AV program.

If you must have AV because your work or school requires it then go with ClamXav. It's free.

Tanabe

Thanks for the replies guys.

Sajan

What are the reasons for not running as an administrator?

Nature Boy

Sajan wrote:

What are the reasons for not running as an administrator?

Cos root has access to things you don't really need access to in your daily usage! You're normal account should have the priviliges you need

uncle_sam_ie

Also, if your running as a standard user and some malicious program tries to install itself you will get a pop-up warning asking for an admin name and password. Unless you type in your name and password that malicious program can't get into your system. This is all thanks to OS X being based on UNIX.

pa

Nature Boy wrote:

Cos root has access to things you don't really need access to in your daily usage! You're normal account should have the priviliges you need

In OS X, "root" and "administrator" are two entirely seperate accounts. There are 3 account types - normal, administrator, and root. Root has no security restrictions whatsoever, and there is no good reason to ever directly log in as root. It is disabled by default in OS X.

Normal users and Administrator users have exactly the same security priviliges. The difference between the two is that Administrators have an entry in the sudoers file which allows them to enter their own account password in order to temporarily elevate their privileges to root. When OS X presents you with a dialog along the lines of "The Installer requires you to enter your password", this is what is happening. The dialog is calling sudo and doing whatever it needs to do as root.

If you are the only person who uses your computer - so that there is only 1 account set up - then that account *must* be an administrator.

pa

uncle_sam_ie wrote:

Also, if your running as a standard user and some malicious program tries to install itself you will get a pop-up warning asking for an admin name and password. Unless you type in your name and password that malicious program can't get into your system. This is all thanks to OS X being based on UNIX.

The program can't access areas that you don't have privileges for, but it can still wipe your user home folder, or inspect all your documents for sensitive info, send email to anyone in your address book, and so on. It can also sit quietly in the background until you type your username and password into some completely-unrelated authentication dialog, at which point it can piggyback onto sudo during the grace period, and be granted full root access to your system.

uncle_sam_ie

Thats not as easy as you make it out to be. This would have been exploited long ago if it was. If you know of a scrip that can do that please let me know because there are a few banks I'd like to hack into that are running UNIX. How would an AV program stop that in time. If your on top of the Apple news websites, you'd be well informed on how to deal with an exploit like that. Also, I'm the only one on my Mac and I've got an admin account and a standard account. You don't have to be running Admin only if it's just you on the Mac. I'm not at all saying OS X is completely ROCK solid but, it was built on a good foundation unlike windows.

pa

uncle_sam_ie wrote:

Thats not as easy as you make it out to be. This would have been exploited long ago if it was. If you know of a scrip that can do that please let me know because there are a few banks I'd like to hack into that are running UNIX. How would an AV program stop that in time. If your on top of the Apple news websites, you'd be well informed on how to deal with an exploit like that.

It's not an exploit, this is how it works by design. It's the way sudo has always worked, and it is a long standing weakness of Unix and Unix-like systems.

http://www.macosxhints.com/article.php?story=20050519125822728

There's no need for a script to do anything, there's no great trick to it. It's what's supposed to happen. It simply means that running any arbitrary program you download from the dark corners of the web is not a good idea on *any* OS.

uncle_sam_ie wrote:

Also, I'm the only one on my Mac and I've got an admin account and a standard account. You don't have to be running Admin only if it's just you on the Mac.

Yes, you do. You stated in the sentence above that you have two different user accounts! If you had just one, OS X would have insisted that it be an Administrator account.

Note that I don't have any particular problem with this. I believe you *should* normally run in an Administrator account in OS X. Disabling the sudo grace period and not allowing Safari auto-open "safe" files are good moves, though.

uncle_sam_ie wrote:

I'm not at all saying OS X is completely ROCK solid but, it was built on a good foundation unlike windows.

Window's security problems are caused by bugs, insecure default settings, and the size and profile of its user base. Its actual security design is very good.

uncle_sam_ie

"Disabling the sudo grace period" Thanks pa, good safety tip.

Tanabe

Wow! Some interesting responses there;) To recap am I right in saying as long as I:

1) Have my firewall switched on
2) Am logged in as 'administrator'
3) Keep an ear to the ground for mac virus newsflash

all should be fine?

Urban Weigl

You don't need to keep your ear on the ground: if somebody ever manages to create a Mac virus, there will be 24/7 continuous coverage on all terrestrial and satellite TV and radio stations!

Perhaps not quite, but you know what I mean. It'll be huge news. The reason there has been no virus for Mac OS X isn't as much because it only represents 5% of the market, it's because it is very hard to do, some would say close to impossible.

Why do I say that? First of all, Mac OS X has been out for years, and there were lots of viruses for previous versions of the Mac OS, e.g. Mac OS 6, 7, 8 and 9. In other words, if it was possible, there'd be plenty of viruses for Mac OS X at this point, especially due to the publicity that could be attained by any budding virus writer.

That's not to say that someone could not write some spyware, and socially engineer you to give it your administrative password. What does that mean? Just because you're using a Mac, don't assume you should install software from spam email and give it your passwords!

As far as running anti virus software to protect Windows users, they need to run anti virus software anyhow, so there's really no point in doing so. And secondly, it's very unlikely you'd forward them a virus infected file. Or is the first thing that crosses your mind when you get an email about viagra with a weird .exe attachment to forward it to your Windows using friends? If it is, you should get anti virus software to protect your friends from your stupidity!

Urban Weigl

But to give you some practical advice, as has already been said, turn off "Open 'safe' files after downloading" in Safari.

You can do this by going into Preferences under the Safari menu, and simply uncheck the box next to it.

And also use some common sense. If an app you got from a dodgy source asks you for your password for no good reason, simply click cancel to block it!

pa

Urban Weigl wrote:

And also use some common sense. If an app you got from a dodgy source asks you for your password for no good reason, simply click cancel to block it!

If you've already opened a dodgy installer, then it's too late - it has root access, and can do as it pleases, without any prompt whatsoever. Shocked? Well, wait till you find out that this is normal behaviour documented by Apple:

http://www.macgeekery.com/tips/security/how_a_malformed_installer_package_can_crack_mac_os_x

The lesson from this, and from the deplorably insecure way Apple first delivered Dashboard http://seclists.org/fulldisclosure/2005/May/0426.html, is that we can't afford to be complacent when running OS X. We don't even need to wait for exploitable security bugs in the OS (of which there are several) when Apple seems determined to introduce them by design.