Paul Thurrott's SuperSite for Windows
Home > Type > News > About Macs and AV software

About Macs and AV software

Dec. 3, 2008 Paul Thurrott | Paul Thurrott's Supersite for Windows

I’ve gotten a silly number of emails from people regarding a recent story where Apple was purportedly recommending that Mac users install multiple anti-virus (AV) solutions. This was seen as pretty humorous, I guess, given the Mac’s security aura and the fact that many of Apple’s commercials deal with supposed virus problems on Windows.

But I didn’t post anything.

And today comes news that it was all a mistake.

"We have removed the KnowledgeBase article because it was old and inaccurate," Apple spokesman Bill Evans, told Macworld. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box.”

So here’s the thing. If you actually read the original note, it referred to “Mac OS” not “Mac OS X.” Apple never refers to Mac OS X as “Mac OS.” So this read like it was referring to the company’s classic, pre-OS X operating system. Which, apparently it was.

Also, I would say that while I don’t use OS X regularly anymore (who would with Windows Vista and 7 around?), I would never install AV on that system, ever. And that’s true even if I were using it 24/7. It may not last, but for now at least, Mac users don’t need AV. That’s the simple truth.

Put simply, I didn’t post about the original AV story because I didn’t think it was newsworthy. Funny, maybe, but then it didn’t feel right either. And I guess it wasn’t.

Discuss this Article 118

hodari
on Dec 3, 2008
I fail to understand why we cannot keep this thread to the point and avoid personal attacks, religious attacks etc ?
MLomasIcomm
on Dec 3, 2008
Well it's pretty clear that threats exist for all platforms, Windows users are more exposed, and unless you really know what to look out for, then most people would do well to run on-access protection all the time. Mac users (I use a mix of both Macs and Windows PCs at home) often feel they are secure because of their OS choice - this is demonstratably false, however there are still significantly fewer threats on the Mac - so for most reasonably savvy users, occasionally running a good online scan will probably be sufficient. Only the less tech-savvy should look to install 'resident' on-access protection. Ultimately, this sort of thing always gets boiled down into a 'Your OS is s**t, mine is awesome!' argument, but when it comes to security, the OS you choose is only ONE element in how secure your computer(s) will be - a persons individual atttitude to security is perhaps the most important thing, and taking the attittude 'I'm Safe, I use a Mac' is dangerous. As for Waethorns assertations that he knows of situatutions where the use of Macs has nearly brought a company to it's knees - well, true or not, there are examples of people ditching a platform in their business in favour of something else all over the shop, some of them are true, some are embelished and some are downright fiction, but these stories do not, in any way 'prove' that the ditched platform was universally and fundamentally bad, it just shows that someone, somewhere along the line, got complacent - and got screwed over as a result.
Mum
on Dec 4, 2008
"I fail to understand why we cannot keep this thread to the point and avoid personal attacks, religious attacks etc ?" It's kinda hard because the original blog post was a religious attack.
lotsamystuff
on Dec 4, 2008
Sharky: Sometimes words have more than one meaning. From dictionary.com: "jihad: 2. any vigorous, emotional crusade for an idea or principle." Sounds like Waethorn and "mikegalos" to me.
Waethorn
on Dec 4, 2008
"You or tayme to provide statistics?" Blaster, Sasser, MyDoom, NetSky....they were all supposedly written by the same person. Blaster and Sasser didn't require user intervention because they would randomly attack blocks of IP addresses and look for a specific, unpatched security hole. That's a remote code exploit. If you know anyone that worked IT around 2003, you've heard how bad it was. Obviously you haven't, so next time, do your homework. "Vista, OS X, and Linux will at least prompt you to before you slit your own throat, and OS X/Linux will require you to enter a password before the knife starts cutting." Not true. There are viruses that masquerade as OS services, thereby bypassing UAC and the like. Remote code exploits, by definition, don't require user intervention. If a system service runs with system-level privileges (most do), and it contains a security hole, it's game time. "generally you mostly get a choice between being a journalist and having a blog like this." You obviously haven't visited ZDnet, CNet, eWeek, PC World, CNN, the NYtimes, the WSJ, or practically any other website that has a tech column. Here's a tip: If you can remember the journalists name, they're not a journalist. "it just shows that someone, somewhere along the line, got complacent" That position was taken by Apple, and their customers paid the price by believing in their marketing message.
Dipsh t Admin
on Dec 4, 2008
I guess robertsjoe school doesn't allow mobile devices, or I'm sure we would hear from him during the day. Since he doesn't deny it, he is just in school, probably high school, and doesn't have any real world experience except what Steve has told him. Another reason to ignore him, which I should take my own advice...
Waethorn
on Dec 4, 2008
"Sometimes words have more than one meaning." From urbandictionary.com http://tinyurl.com/4f7cro Sounds like robertsjoe, Ocean, Lindy, and lostamystuff to me.
shark47
on Dec 4, 2008
"It's kinda hard because the original blog post was a religious attack." So, y'all think of this stuff as some kind of a religious war? That would explain the use of terms like "jihad".
RaaJ
on Dec 4, 2008
I can't believe the complacency of the Mac crowd. If their platform is so untouchable, why is Apple patching holes by the dozens in every update? Look at the security bulletins issued by Secunia for OS X: http://secunia.com/advisories/product/96/?task=statistics Apparently, since the Mac users are somehow born different [nah, intelligent! they say] and the platform has in-built defenses against the vermin, why the worry, Apple? Do you Mac nuts also not install security updates from Apple, since you won't install an AV even after Apple [for a brief moment of sanity] recommended doing so? What would it take? An AV program from Apple itself?
DRWAM
on Dec 4, 2008
I think that the name calling just antagonizes and makes matters worse. The Mac crowd gets angry and posts a rebuttal, then the name calling [by BOTH side] starts a perpetual fight. Read some past threads and see. Wae, the 1TB FreeAgent Pro drive is pretty good. I think that you recommended Seagate drives [5 yr warranty]. Two of us bought one. This was from Frys.com. Newegg is getting slow in delivery. The shipped from less than 2 hrs away and it took business 5 days due to a hand off from DHL to USPS. This happened twice.
panache1023
on Dec 4, 2008
Waethron. From the same website http://tinyurl.com/64cjug Kind of sounds like you and MikeGalos, doesn't it? LOL! People in glass houses...
shark47
on Dec 4, 2008
I know of a couple of people who had those $500 laptops. They didn't want to pay for software, so they downloaded pirated versions from torrent sites. Some of them obviously came with Viruses or made the computer crash. They decided it was Windows that was the problem (obviously). Now they've bought $1600 iMacs and paid for some software too. Their experiece so far has been far better. I've noticed, at least among the people that I know, that they're willing to spend more on Macs and on Mac software. In such cases, I don't think a direct comparison of the two ecosystems is even possible.
mikegalos@msn.com
on Dec 4, 2008
One thing useful to all platforms is the new feature on Live Search that warns about compromised web sites. http://www.liveside.net/main/archive/2008/12/04/live-search-flags-malici...
Lindy
on Dec 4, 2008
"Obviously you haven't, so next time, do your homework." Lol you still have not provided anything genius. In 2008 (NOT 2003) in the PWN 2 OWN contest, Vista, OS X or Linux could not be hacked at all until the user went to a web sight and run some malicious code. All 3 went down by user initiated attacks. They could not be hacked just sitting there on the network. Blaster/sasser attacked a OS hole, on XP and 2000. NO USER INTERVENTION required. http://en.wikipedia.org/wiki/Sasser_(computer_worm) www.rif.org might help.
mikegalos@msn.com
on Dec 4, 2008
Realistically and leaving aside religious wars we get the following: There are many more exploits targeting Windows users The underlying architecture of Windows is better designed for security than Unix based architectures like OS X or Linux There is no magic "special sauce" that makes OS X or Linux less vulnerable to attack All operating systems have bugs that expose security holes - C based operating systems moreso due to C's lack of buffer management Apple does a worse job of keeping up on patching their operating system than Microsoft All software is vulnerable to zero day exploits User warnings on elevations of privildge are good, are present on all current operating systems and should not be disabled User warnings don't help against an exploit that uses a hole in an administrator tool Many OS X users don't run anti-malware software as a point of pride When a short notice exploit targets OS X using a hole that Apple hasn't patched and that takes over an administrator level service it will infect most of the OS X computers in the world within hours as most users won't have tools to stop it and, if it is written well most won't know they're infected.
Lindy
on Dec 4, 2008
@Mike that feature is only two years late... http://www.technewsworld.com/story/52262.html?wlc=1228400809
Lindy
on Dec 4, 2008
Wow Mike that post is almost not biased against Apple and well said....most of it. A lot of "if's" but all possible.
mikegalos@msn.com
on Dec 4, 2008
Lindy The goal was to summarize it all without the religious biases. Security is too important to fall into the "ur os suxorz" stuff. Personally, I think Apple corporate's willingness to encourage and exploit the "we're protected by magic" mindset in their users borders on criminal neglegence and I wish they'd get past it before somebody decide to take advantage of it. If I really were doing OS religious wars I'd be encourage Apple to keep doing what they're doing because if that zero-day system attack ever hits, the psychological damage to the Mac community will likely damage the reputation both far beyond what is deserved and probably beyond repair. While I thing Apple corporate deserves a black eye for encouraging this stupidity, the damage to the industry would hurt society in general.

Please or Register to post comments.

Related Articles

IT/Dev Connections

Las Vegas
September 30th - October 4th

Paul ThurottYou'll have the opportunity to experience:
• 120 Technical
Sessions
• Networking with Peers
• Expert Speakers


Come See Paul Thurrott & Mary Jo Foley in Person!

Register Now

Office 365 InfoCenter

Get the latest insight and info from Paul

Read Now!

What I Use
Apr. 18, 2013
Article

What I Use: On the Road 20

Every so often, I publish an updated version of my “What I Use” document, which details the technology products and services I actually use day-to-day. Since I’m currently on my third business trip in five weeks, this is perhaps an ideal time to discuss the technology products I rely on when I travel and a few related points....More
Mar. 6, 2013
Article

What I Use: March 2013 33

Lots of changes since November, including a new PC-based home server running Windows 8, several new smart phones, new PCs and tablets, new cloud backup, Office 365 Home Premium and a nice doubling of my Internet speeds courtesy of Verizon FIOS....More
WinSuperSite.com
Related Penton Sites
Copyright © 2013 Penton Media, Inc