Anti-virus — Is it needed for Macs?

I’ve been poking around the issue of whether Macs need an anti-virus, or more specifically an anti-malware, solution. It’s been somewhat entertaining because nothing brings out the religious fervor of pro- and anti-Mac forces like this topic. Search the web and Mac forums to observe. Note: I’ll be using the terms malware and virus interchangeably, though the former covers a very wide range of “bad” software, while the latter covers bad software that propagates from computer to computer much like a biological virus propagates. However, virus and anti-virus have also become generic terms for malware and anti-malware.

The pro-Mac forces basically say: NO WAY is this needed. The Mac software is too sophisticated, viruses are targeted at Windows only, and if users remain diligent, they’ll not have a problem. Any known threats are in third-party software, not Apple sanctioned. The anti-Mac forces say yes, traditional viruses have been Windows-based, but that’s because Windows systems (a) were an easy target and (b) provided a huge installed base. However, Macs are getting to around a 15% installed base for computers, they are now more prevalent in the enterprise, and the bad guys are looking to expand beyond Windows into Macs, smartphones and tablets.

Like any religious argument, there are elements of truth in the statements, but they don’t totally reflect reality.  So, let’s examine this in a little more detail:

First and foremost — Let’s disavow the concept that Mac software is too sophisticated to get malware.  While we are at it, let’s also recognize that Windows has gotten a hell of a lot more secure than it was.  In fact, if you examine both, you’ll find that they have implemented very similar mechanisms for securing the solution.  The fact is that all software can be exploited as long as one understands the underlying technology and can identify the holes to exploit.  If you doubt that Macs are vulnerable, then why does Apple provide security fixes for existing software and more sophisticated security solutions in updates?

Next, let’s examine the average Mac user. Until recently, Mac users were pretty savvy folks, and even now many, if not most, remain that way. Frankly, technological intelligence and overall diligence are huge weapons in the fight against malware. (Note that even the most diligent will goof periodically.) However, for the past several years, Apple has been selling the concept that Macs are so easy that they are far better than PCs for the average non-technologically sophisticated user. The Mac vs. PC commercials were brilliant in driving this message home (and highly entertaining … I miss them). The fact is that there is a sizable population of Mac users who are neither technologically sophisticated nor diligent.

What about the enterprise? Until recently, most enterprises didn’t employ Macs, nor would they support them. Many simply wouldn’t permit them (not because of any issues with the Mac, but to simplify what they supported). That’s changing. Ironically, smartphones and tablets have helped to pry loose the controls of internal IT departments in Fortune 500 companies, opening the door for more Macs to be requested and deployed. A big reason for the increased market share of Macs is increased use in the enterprise.

Enterprises have a real problem with malware. A company with tens or hundreds of thousands of employees has that many potential gateways into the corporate network and systems. There is a good article from the NY Times about how RSA was hacked in an Advanced Persistent Threat (APT) attack using Adobe Flash as the entry point. If you run a Mac in a corporate environment, you might need to run a commercially available anti-virus solution, if only to avoid passing along Windows malware to Windows users.

The Adobe Flash issue at RSA raises the issue of third-party software on Macs. We all run it. Flash and Oracle’s Java are the two technologies that Mac-heads blame for the malware incidents to date. The recommendation is not to run them. However, for most users, that’s simply not practical. Though Flash is dying in favor of more sophisticated technologies, it remains pervasive. Java is also the base for many applications and solutions that run on Macs.

So where does this leave us?

There have not been many issues with the Mac to date and, as of this writing, it remains reasonable to not run any anti-virus software on your Macs. If you’re running Windows either directly on your Mac or in a virtual machine, you do need to run anti-virus software on the Windows system. For Windows 7, I’d recommend the free Microsoft Security Essentials.

However, if you deem it important to run anti-malware software, the Mac community consensus is that the free, open source ClamAV is the best solution. There is a free product called ClamXav, which packages ClamAV with a GUI and scheduler, and which I run on my Macs. I’ve not seen any adverse behavior with this software and it’s easy to use. Also, since Mac OS X 10.4, ClamAV has been embedded within the email software on the Mac to look for email problems.

There are some other good housekeeping tips (which are good practice on Windows 7 also):

  • Keep your OS and application software up to date. Many software updates contain security fixes for recently found threats. On your Mac, ensure that the system automatically checks for updates. Go to System Preferences->Software Update. It should look something like this:

  • Make sure all your applications that have this capability (e.g., Microsoft Office) also automatically look for updates.
  • If a surprise popup dialog offers to do a software update for an application, dismiss it and explicitly search for an update either in the Preferences for the application or at the vendor’s website. The Adobe Flash malware for the Mac was propagated by what looked to be a legit offer for an update, but it installed malware. To properly update Flash, when you see the dialog, dismiss it and go to System Preferences->Flash and click Check Now under Updates.
  • For Java on Lion, you should be running the most recent Java to correct a malware issue.  See the following Apple case.
  • When you see a click through to a website in an email, cut-n-paste the URL into a browser window.
  • When the Mac wants you to enter your password before installing software, think first and only do it if you’ve requested the installation/update.
  • Stay away from sketchy sites. Porn sites have been notorious for spreading technological disease, but there are plenty of what look to be interesting click-throughs on the sites you and your family visit. I make it a practice never to click on any ad unless I know where it’s going and that it’s legit.

If you’ve done any browsing on the Net from your Mac, you’ve seen a number of solutions for the Mac, especially a product called MacKeeper. The Mac community consensus is DO NOT INSTALL MacKeeper on your Macs, and if you have, remove it. Though it provides some services for a Mac, it also behaves as malware and is very difficult to fully remove. Phil Stokes has documented the MacKeeper uninstallation procedure.

Finally, there is a good post on Mac-Forums.com about anti-virus/anti-malware on Macs. I highly recommend you read it.

 

23May2012 — Updated with minor corrections.
