Video: Do Mac OS X users need antivirus?

Do Mac OS X users really need antivirus and if so, why? ZDNet.com.au recently posed the question to security professionals at the AusCERT 2009 IT security conference on the Gold Coast.

Many Mac users still avoid antivirus (AV) because of the belief that no one has made malware for Apple's platform. But over the past two years, attackers have started experimenting, typically by social engineering or luring a Mac user into downloading fake antivirus or codecs in order to bypass the application signing process that usually keeps a Mac safe.

Given the appearance of malware for Macs, albeit small in number compared to Windows machines, there's growing consensus amongst security professionals that antivirus is a "must have" for Mac OS X systems. Network security executive for IBM's security division ISS, John Pirc, told ZDNet.com.au that he used AV on his Mac because it is "better to be safe than sorry".

Another executive, Greg Singh from encryption vendor RSA, said the operating system doesn't matter: users should get used to the performance degradation that comes with AV because every platform is vulnerable. Microsoft senior security architect Rocky Heckman said AV became necessary when Apple in 2001 decided to underpin OS X Tiger with the BSD operating system because it made Macs an easier platform to write malicious code for.

One respondent said they'd even seen "botnet activity" on the OS X platform, while others referenced the popularity of the stylish computers as the reason for their being in danger.

But a lone security researcher, Peter Gutmann from the University of Auckland, New Zealand, reckons the AV-free world that Mac users have enjoyed is not quite over yet, and asks why spend money defending what's not being attacked?

What do you think? Do Mac OS X users really need antivirus software? Why or why not?

Talkback 36 comments

    I'm going to say no. Anonymous -- 29/05/09

    The degradation of performance by using AV is not even close to worth it on a Mac. People in IT security are just paranoid as all hell. Which is fine, but let's not get too carried away here.

    Let's talk real down time Anonymous -- 29/05/09 (in reply to #320139475)

    It's true, AV software isn't fun and it reduces system performance but the loss of days worth of work to a virus versus seconds in waiting for applications to open and close hardly seems a difficult choice.

    Most unbalanced article ever? Anonymous -- 29/05/09

    Whilst I do enjoy most articles on ZDNet, every now and then you have one that leaves me scratching my head.

    It was with amazing shock that you virtually had a 100% majority of people saying to use anti virus on Macs.

    However, considering this was done at AusCERT 2009 I am not surprised.

    It is definitely within their interest to tell Mac users they need anti-virus, regardless of if they do or not.

    Mac OS X Users Anonymous -- 29/05/09

    I have always used IBM compatibles, because of their early Floating Decimal Facility. Bear in mind I am not a Graphics user.
    But I still cannot understand the type of mind that states categorically that a Mac cannot be Botted, or Spywared, or hit with various viruses.

    Any dedicated Programme Writer can create a virus (maybe have already), which will create an instant super computer, be it Mac or IBM compatible.

    These people must live in a world hidden under a mushroom

    it has to do with being a Unix OS Anonymous -- 30/05/09 (in reply to #320139569)

    Yes, that's a common problem with people still using Windows. They don't realize Windows was never designed to be on networks, and is the reason it gets hit when connected to networks.

    OSX and the whole UNIX family was designed from the very start to be ON networks... so the problems you are having can't happen on OSX.

    There are ZERO Viruses on OSX for a REASON... now you know!

    The lone guy is right Anonymous -- 30/05/09

    Let's remember this is where businesses are trying to sell their software to Mac OS X. The lone guy got it right. There's no money to be made on Macs. The VAST MAJORITY, 93% or so, of the computers out there are Windows PCs and many haven't been updated and are just sitting ducks for the bad guys. Not so with Macs. That's not to say Macs aren't vulnerable. They are but there's no interest in them.

    And none of the guys stated there is a current problem just that there COULD be. All those in this video are just trying to scare you into buying their product.

    No West Crosby -- 30/05/09

    Has there ever been a virus for Mac OS X? No.

    Trojans pop up every now and then, but there hasn't been a serious virus attack ever. The only reason to get anti-virus is to prevent you from spreading something to your Windows-using friends.

    No, yet again Anonymous -- 30/05/09

    Security experts in 2001 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2002 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2003 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2004 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2005 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2006 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2007 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2008 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Now in 2009 Security experts are saying, "Any day now Mac OS X will be hit with viruses."

    Is it any wonder that the people that sell anti-virus software are recommending that people buy anti-virus software even if there is no need for it? And now that Mac OS X has a 10% market share there is more profit in them crying wolf.

    A dumb article, OSX already has AV Software Ted Landry -- 30/05/09

    I really wish people would wisen up, Apple already provides all the security IN the OS... it's called "security update" and as long as you are current, you have nothing to worry about.

    3rd Party AV software is a throwback to the Windows era... but today, if you are running Unix / OSX, there is NO NEED to pay extra... it's just a scam by AV companies that try and trick Windows users that now use Macs out of money.

    True Mac users know, OSX can't be bothered by such attempts because of the way OSX is structured.

    In 10, 20 years from now, you'll still see "scare articles" saying... "Any day now... Macs will be like Windows"...

    Buzz... WRONG.

    These people need to learn how Unix works, then learn how Apple made it even more secure with OSX.

    Microsoft Senior Security Architect Said WHAT?! Derek Currie -- 30/05/09

    "Microsoft senior security architect Rocky Heckman said AV became necessary when Apple in 2001 decided to underpin OS X Tiger with the BSD operating system because it made Macs an easier platform to write malicious code for."

    Why did anyone ask Mr. Heckman his opinion? We certainly have no reason to care. Windows is the single LEAST secure operating system, commercial or Open Source, available on the planet.

    Why Heckman's opinion is lunatic:

    1) Apple didn't decide to underpin Tiger with BSD. NeXT decided to underpin NeXTStep with BSD decades ago! Mac OS X inherited it when Apple decided to make NeXTStep/OpenStep the foundation for Rhapsody, which was then developed into Mac OS X.

    2) The three most secure operating systems on the planet have been repeatedly proven to be:
    A) OpenBSD
    B) FreeBSD
    C) Mac OS X
    Mac OS X incorporates elements of both OpenBSD and FreeBSD into its core OS called Darwin OS. So what Mr. Heckman is talking about is incomprehensible. He is either a blithering idiot or is pulling a FUD manoeuvre by telling the opposite of the truth in order to fool the public that black is white, war is peace, hate is love, the usual double-speak routine from the book '1984'. Shame on Mr. Heckman.

    This has to be one of the most dishonest statements from a Microsoft executive of all time. It is running neck-and-neck with Bill Gates's moronic statement that Mac OS X is exploited everyday, when in fact it is HIS operating system that is exploited every day.

    Or maybe there's lead in the water over at Redmond. (o_0)

    Thanks! Anonymous -- 31/05/09 (in reply to #320139744)

    Yes, I too was going to comment on Heckman's assertion that BSD was introduced in Tiger. Of course he did say 2001, but regardless, it doesn't give me a warm and fuzzy on this knowledge if he can't get simple facts right!

    I have AV on my Mac but... Anonymous -- 30/05/09

    I've been working extensively with Macs since about '88 or so and I've never seen a virus that did anything but threaten connected Windows users. I have never seen a Mac show any effects from having been infected. The Windows machines on my LAN seem to get infected with something regularly despite being protected by AV software.

    I-Frame, PDF Vulnerability,Safari Vul Anonymous -- 30/05/09

    WAKE UP! I-Frame redirect. PDF Vulnerability, Java Vulnerability, SQL Injection, Safari Vulnerability, Quicktime Vulnerability and a host of other Vulnerabilities that will be found in the future. The attack has just started by the novice and novice + hackers. Give it a couple more years for the pros to hit. We are not talking viruses here. Trojans and full out "ownage" of Root by the browser. How can you guys even know that you have been OWNED if you have zero anti-malware programs that could catch 50%-70% of the hack. They don't tell you these days like they did years ago. Total stealth and keylogging you. Same with a silent low resource bot. Unix is only code. AND Apple SUCKS at security updates. 5 months and no Java fix **** poor lazy arrogance that will bite them if the Russian Business Network wants to be heard with a high tech pownage Safari/Firefox OS X browser attack. Don't be too smug. OS X has never had pros hit it. It will fall just like MS does.

    Couple more years? Anonymous -- 30/05/09 (in reply to #320139751)

    You keep repeating that every year...mkay. Nothing is perfect; eventually something will happen to OSX, but to the extent of the problems on Windows? Maybe you better wake up. Microsoft put a single user system on the internet. All the other OSes on the planet are Unix or a variant of Unix except one...care to guess which OS that is?

    http://rixstep.com/2/20090326,00.shtml

    those are just "vulnerabilities"... Anonymous -- 30/05/09 (in reply to #320139751)

    Sounds like you don't understand security...

    Fort Knox is "vulnerable"... correct?

    Then why hasn't anyone been able to break in and steal the gold?

    THINK about it... the reason is simple... it is the MOST SECURE location in perhaps the entire world... OSX is the same thing... nobody can break in... there are far too many deterrents and watchful eyes on Fort Knox and OSX.

    Nobody can get to Root from a Trojan, so don't be silly... You can only get to Root by PHYSICALLY being in front of a Mac and booting from another HD or DVD. So that ends that possibility.

    On OSX we have a process viewer, so we know exactly what is running at all times. Nothing can get past an OSX box... nothing.

    Apple is the No. 1 security conscious company in the world... that's why nobody has ever gotten through from the outside.

    I've heard your type of ramblings for years, but one thing is always in common... You have never used OSX, nor understand how it works.

    The best hacker & cracker minds have tried for years and years and years to get past OSX since it's the most GOLDEN prize of all of computerdom... but nobody has been successful.

    Mac users are the most security aware users on the planet since they dealt with that issue decades ago... now they don't allow that type of activity...

    Better luck next time!

    Seems you don't too! Anonymous -- 31/05/09 (in reply to #320139821)

    http://www.paulmc.org/whatithink/2008/06/19/mac-os-x-gain-root-privileges-through-applescript/

    That's 30 seconds on google. Have to run

    He He He. He has you on that one! Anonymous -- 31/05/09 (in reply to #320140075)

    Root can be accessed remotely it seems. You must not understand security then.

    You didn't read it ZDNet is vested in AV software -- 04/06/09 (in reply to #320140075)

    The second sentence says, "The exploit allows someone with physical access to a Mac to run programs as the Root user."

    There is no such thing as security if someone has physical access to the machine. For one, the "hacker" could just steal the box.

    The issue is "remotely" controlling the machine, which can only be done on a *nix box if the owner "allows" it, either intentionally or through his own stupidity. No OS can protect a machine from a user's stupidity.

    The followup article (concerning exploiting this vulnerability remotely) states, "the files have to be downloaded and executed by the user." And there's the stupidity part.

    FUD FUD FUD FUD!... Derek Currie -- 30/05/09 (in reply to #320139751)

    It's odd how FUD mongering trolls are so often 'anonymous'. "Apples SUCKS...", "poor lazy arrogance...", "Don't be too smug...", "It will fall...". All the buzz words and phrases I've heard since 1984 when the Mac was released. Ever wonder why Mac users get defensive? It's garbage like the above.

    And now for some facts:

    Apple has been lazy about security in the past. The one good thing that came out of the ongoing anti-Mac security FUD fest, started in August 2005 by Symantec, has been that Apple's attention to security has multiplied exponentially. Currently they ARE slow pokes regarding the Java vulnerability. What that means is that Apple has to continue to improve its security consciousness.

    ALL the current Mac malware in the wild are Trojan horses requiring 'luser' error in order to be installed. There are, according to my count, 11 of them from 4 different families. There are no viruses, no worms, no illegal spyware/adware/keyloggers. All the legal spyware, of which there is a lot, require installation by someone with account access.

    PDF, Java, SQL, Webkit (Safari & others), and QuickTime all have vulnerabilities, but they are add-ons to Mac OS X as well as other OSes. Apple's least secure software is QuickTime. It has received the most frequent updates of all Apple software since 2007, and another new vulnerability was announced just this week. But again, it is NOT Mac OS X. Therefore, the vulnerabilities these days are mainly software ADDED ON to Mac OS X, NOT the OS itself.

    Pro hackers have already attacked Mac OS X via the Trojan.OSX.iServices series this past February. A botnet of over 10,000 Macs was discovered performing a DDOS attack via these Trojans.

    I use 3 different Mac anti-malware apps and only ever find Windows malware. Why? I'm not a 'luser'. I'm careful what I install. I'm aware of social engineering tricks. And if I do get pwned, I use a reverse firewall to catch ALL outgoing calls to my network or the Internet.

    I attempt to share factual Mac security information at my Mac-Security blog:

    http://mac-security.blogspot.com

    Unix Arc Bomb Trojan Anonymous -- 31/05/09 (in reply to #320139867)

    About a year ago my Intego VB warned me that there was a Unix Arc Bomb Trojan downloading when I was on Zyxel's site. It repeatedly wanted to download and I repaired it and tried to quarantine it. I sent an email to their webmaster of my logs and what page I received the Trojan. Two hours later their site was down for 2.5 days. Happened on Friday at 1pm and they were up again Monday at 10am. That tells me there was redirect code there. I kept getting this Trojan wanting to download. I normally have my NoScript engaged, but did not for some reason that time for their site. I tried to clear all the memory/cache from Firefox to no avail. I then tried a reboot thinking it was just in memory and a clean reboot would clear the repair out of system like in a PC.

    It still wanted to download this Trojan all with different #s and letters I might add. I had a clone that was about 4 days old so I just wiped and recloned.

    What is a Unix Arc Bomb Trojan and what did they do to me that this Trojan kept wanting to download more payload every 5 mins. Intego VB told me it was happening but something was in and the repair and quarantine did not stop the repeated tries. I assume a downloader program was injected that Intego's definitions did not know, but it did know the payload they wanted to download.

    Can you explain to me what is a Unix Arc Bomb and what all was happening in that event.

    Unix Arc Bomb Anonymous -- 31/05/09 (in reply to #320140008)

    Yes, you posted this to:
    http://macdailynews.com/index.php/weblog/comments/18809/

    And as of today you are still the ONLY person ever to report such a thing.

    Let's ignore Safari,Quicktime,Java,Flash Anonymous -- 01/06/09 (in reply to #320139867)

    Let's ignore Safari, Quicktime, PDF readers because they are NOT OS X and are add-ons. How illogical is that. You take OS X as it sits, you can't pick and choose to make your point. Example: Mark will be ok, his cancer is in his calf. Therefore, if it is not in his torso, it does not exist.

    AV software show me the updates Anonymous -- 31/05/09

    I have an AV software package for OS X that was required by my university. I have been doing an experiment for more than 2 years, every time the AV company creates a news headline, I do a check for updates to the AV product.
    Guess what -- no updates.

    So if I am being told there is a problem and there is not an update to the AV package is the warning real?

    Is AV company really protecting me?

    I see one, maybe two general updates a year for the AV package.

    I am not saying AV is not good because I do have a windows environment to protect and the MAC systems and the windows boxes do talk to each other. I am not sure I see the benefit on MAC OS X.

    max Anonymous -- 31/05/09

    I haven't seen a virus on any of my four OSX systems EVER (I scan for them now and again). In fact, I haven't seen a virus on a Mac since the late 1980's outbreak of nVIR. Although someone may, some day, write a virus for Mac, I'm a close watcher of tech news and I will know about it. At that point I'll run up the freeware options (ClamAV etc) that will inevitably have updated their definitions to recognize it, and I'll deal with it then. The smart PC users who were hit a decade ago did exactly this, and that's what I'll do too. In the meantime, I watch the news and surf virus software free. I don't trust a single thing any 'security software company' says, since their interest is entirely in creating FUD.

    Thank Gawd for Peter Gutmann! Anonymous -- 31/05/09

    Someone that makes sense! Hey, I'm a typical user, I don't download warez or shareware from unknown authors etc., so I'm pretty sure the day a Mac virus hits I'll hear about it LONG before I'm exposed. I have Time Machine running and pretty much feel as though until there is a reason to bog my system down I'll keep going as I have. These articles have been published year after year after year. Rinse and repeat!

    We know it will never be like Windows Anonymous -- 31/05/09

    Some of us who think OS X is vulnerable to malware and think there will be a time when the pros will hit it good, do NOT think it will ever get to be like Windows. I don't think Trojan.OSX.iServices is a "Pro job". I think the Russian Business Network can build a multi faceted OS X attack that would have many to eat crow. It will just take them to feel there is $$$ there to have their code gurus to build an advanced attack. Not a simple puff ball iService Trojan.

    Thank God Clam is including OS X finally Anonymous -- 31/05/09

    Thank God Clam is including OS X finally. My Untangle UTM uses Clam at the gateway to scan all incoming http. Keep pushing the Clam definitions team to include OS X malware!!

    http://www.untangle.com/

    http://www.untangle.com/video_overview/

    Oh my... how ridiculously stupid... John Klos -- 01/06/09

    What was the point of this? These people make their living PLAYING UP security problems to justify their salaries. It's like asking car salespeople if people should be buying cars more often.

    The fact of the matter is that Windows and Mac OS X are completely different. No viruses (please actually look up the definition of "virus" before your kneejerk response) have EVER existed which can exploit Mac OS X.

    Do OS X users need antivirus? No.

    Do Mac OS X users need anti-virus Luiz de Almeida -- 01/06/09

    Most of the Dudes interviewed were Sales Floor people and many of their products now sell relevant product to the question.

    NO is the answer.

    You would need to give the Virus permission to infect you - so ensure you know what you are installing. Use Authentic software and you will be fine.

    Anyone here had a virus on a mac? Anonymous -- 01/06/09

    I think we need to ask has anyone here on a mac had a virus, if so explain and was it a serious attack?

    Anyone here had a virus on a mac? Anonymous -- 01/06/09 (in reply to #320140691)

    After nearly 20 years in IT support I have certainly seen viruses on the Macs of my customers. None of them had any idea they even had a virus, believing the "HYPE" that it was not possible.

    Was it serious? It was serious enough that they could not do their work and had to call for IT support to fix the problem!

    We got the No Virus thing It's a MALWARE problem Anonymous -- 01/06/09

    Let's all agree about the no virus thing on OS X. Let's all move to the malware issue that is where "it" will all happen.

    Everyone who posted here is 500% more aware about Mac security than some Joe average who saw the switcher ads. I have switched a couple of people that will without question click links and get suckered into a hack. There are millions of Mac owners that will get suckered into social engineering. All you guys are better than that!!

    You will never get hacked from your own stupidity, but millions of Mac owners will. Mac anti-malware is for them, NOT YOU!!!

    MAC OS X Virus Anonymous -- 01/06/09

    here's one just google OS X virus and see what you get back..
    http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html for a start. What more can I say...

    On this virus: Anonymous -- 04/06/09 (in reply to #320140821)

    There was a story circulating this week that The First Virus For Mac OS X had arrived, but it turned out to only be a relatively innocuous worm embedded in a file called "latestpics.tgz" promising pictures of "MacOS X Leopard." The worm required the user to download, decompress and execute the file then enter their admin password to cause any damage.

    Admittedly, there are users out there, Mac and Windows, that are that stupid that they will blindly punch in their administrator password even if randomly asked. These are the same people that disprove Darwin's theory of evolution by merely existing.
    Left to their own devices these people will happily destroy their PCs then get angry and blame others. These are the people that the antivirus software is marketed to.

    Really, it shouldn't be called antivirus for mac, but anti-stupidity. Thankfully I don't work in marketing.

    Mac Crazed Anonymous -- 02/06/09

    If I'm a malware writer I'm going after Macs just because most Mac users believe they aren't susceptible, and as a result don't have the correct security in place.

    I would guess 90% of the Macs out there are vulnerable. I should know, I'm a Mac user and I have no protection in place :)

    AV software detects Viruses, not Malware. Anonymous -- 04/06/09

    "Many Mac users still avoid antivirus (AV) because of the belief that no one has made malware for Apple's platform."

    AV software detects Viruses, not Malware. Maybe zdnet needs a security lesson...
