04-19-2012, 01:45 PM

Quote:

Originally Posted by lifeisabeach

The problem with the Flashback trojan is that people were unwittingly infected by going to sites that themselves were compromised. Not shady or disreputable sites… places like WordPress. If you visited a compromised site and were susceptible to the vulnerability in Java, you too were compromised, invisibly. Period. The days of telling people to be smart and use "safe" computing practices are over. Most people grossly overestimate their ability to judge what is safe anyway.

I have to agree here. I'm one of the few that does run AV on my Mac (Norton) and in my opinion, an ounce of prevention is well worth a pound of cure as we are seeing with these outbrakes. The idea that only porn, filesharing and other obviously questionable sites will lead to malware on your system is long over. All it takes is one respected site to get comprimised for a mass outbreak to occur. IMHO, AV's benefits are not limited to Windows PCs, but any internet connected computer of any flavor. Is it a requirement, no. but if my data, passwords and accounts are safer as a result then for me it's worth the slight performance hit.

04-19-2012, 03:32 PM

My questions are:

Can the antivirus programs detect the trojans as well as the PC viruses?

If the answer is yes, which AV program does the best job with the least impact on speed?

How often do the AV program definitions have to be updated?

04-19-2012, 05:52 PM

Updated? Larry I think you will be waiting a long time for an answer as the only virus definition updates are for Windows machines. As suggested earlier try ClamXAV if you feel you must use AV software.

04-19-2012, 06:47 PM

Quote:

Originally Posted by MikeM

I have to agree here. I'm one of the few that does run AV on my Mac (Norton) and in my opinion, an ounce of prevention is well worth a pound of cure as we are seeing with these outbrakes. The idea that only porn, filesharing and other obviously questionable sites will lead to malware on your system is long over. All it takes is one respected site to get comprimised for a mass outbreak to occur. IMHO, AV's benefits are not limited to Windows PCs, but any internet connected computer of any flavor. Is it a requirement, no. but if my data, passwords and accounts are safer as a result then for me it's worth the slight performance hit.

I agree with this line of thinking, also. I have Dr. Web for Mac installed and would rather be safe than sorry, even if the AV gives just a bit of extra protection. I chose Dr. Web because I had previous experience with their AVs for quite some time when I was a PC-only user.

04-19-2012, 07:06 PM

We use Avast, doesn't seem to impact the system at all, and we met several of the employees on a trip and liked them. (I know the last part if irrelevant to protection level, but it is a factor in our decision to use Avast.) When testing with Eicar, it caught all of them, even when we imbedded the code in a local servers page. For what we do it is a must, we remote into others systems on a daily basis and upload and download files. So we want to ensure our systems are clean as well as what we are pulling from theirs, and it most of our customers policy to have an antivirus installed and updated to use a VPN to enter their network....yes even when we are using one of our Linux boxes.

04-19-2012, 07:12 PM

I don't use any now and don't see that changing any time soon.

04-19-2012, 09:06 PM

Being a long time Linux user, and still using it, even some Linux aficionados have AV software installed. With the Mac OS having a much larger market stare, Apple user would do well to do the same. No need to take shots at MS as an example of a poorly designed OS. It really has no relation to the Mac user. Like another poster said, an ounce of prevention is worth a pound of cure. Too many AV software, free and paid, not to do so. And too many malcontents doing bad things not to use an AV.

For my benefit and peace of mind I'll continue to do so. After all is said and done, what does it really cost you?

04-19-2012, 09:44 PM

I have been using mostly Linux for quite some time and I have avoided using any AV on it without incident. However, as malware, trojans, etc. are being slipped into innocent websites and machines with vulnerabilities are infected while visiting those safe sites, users have little means to detect a potential problem while searching/using a trusted site. With that in mind I'm using Sophos and have seen no speed or resource drop for doing so.

Our machines are plenty powerful enough to run a decent low-resource AV so avoiding doing so is just running at risk. Sure, you may never be infected, but will you know when you are or right before you are? We can claim all the safety we want about our own practices, but if your trusted site is hacked and becomes a breeding ground for malware spread, then what? It's an innocent site with malicious contents placed there by someone other than the site owner. How do you prevent that by running without protection?

Those are questions I posed to myself. Each of us has asked ourselves how we want to handle security beyond the inherent security measures built into the OS. I lean toward the "can't hurt to be too careful" side, but I totally understand those who trust their practices and their OS to remain free of issues.

04-19-2012, 10:25 PM

WOW, Never thought i would get so many answers!! Thank all of you for taking the time to answer a simple question. I know now i have so much more knowledge about choosing an AV. Thank you again, Holly

04-20-2012, 12:06 AM

Quote:

Originally Posted by TBABill

Our machines are plenty powerful enough to run a decent low-resource AV so avoiding doing so is just running at risk. Sure, you may never be infected, but will you know when you are or right before you are? We can claim all the safety we want about our own practices, but if your trusted site is hacked and becomes a breeding ground for malware spread, then what? It's an innocent site with malicious contents placed there by someone other than the site owner. How do you prevent that by running without protection?

This reminds me of an interaction I had with someone once. Years ago, when I was a regular Windows user, I was active on usenet in a PC support group. One week, we were in intense discussions about AV software. I had been reading up a lot on tests and reviews of AV software, and one thing that we had been recommending was to have two different AV software packages… one that actively scanned, a second one that you only ran on demand for a "second opinion". This came about because no single AV software was proven to catch everything. All them, without exception, missed some malware in independent tests.

So anyway, one regular was like "Well I'm fine with what I'm using. It gives me a clean scan every time, so it's doing its job just fine." I then said "How do you KNOW it's not missing anything? Just because it says you have no malware doesn't mean it's not overlooking any." So he thought about that, tried a second piece of AV software, and BAM! He had two pieces of malware running that his regular AV software (Norton or AVG i think) completely missed.

So the moral of this is that optimism and faith that your existing practices are good enough… isn't good enough. There's no reason to not have AV software on your Mac. Even if it's not actively scanning all the time, run it once a week or so just to be sure. There literally is no reason not to. Consider it a challenge. Think your habits are good enough? PROVE IT… even if only to yourself.

04-20-2012, 03:04 AM

I would remind some of the participants in this thread that all of us who are running Snow Leopard or above are ALREADY running an anti-malware program from Apple. It is what is protecting us from the earlier Flashback variants RIGHT NOW. I don't know why it couldn't be used for the Java exploit (though I have a theory on that), but generally speaking, we are ALREADY COVERED in this regard.

04-20-2012, 09:11 AM

Quote:

Originally Posted by chas_m

I would remind some of the participants in this thread that all of us who are running Snow Leopard or above are ALREADY running an anti-malware program from Apple. It is what is protecting us from the earlier Flashback variants RIGHT NOW. I don't know why it couldn't be used for the Java exploit (though I have a theory on that), but generally speaking, we are ALREADY COVERED in this regard.

Generally speaking, we are already covered. Except when we aren't. If it's not 100% covered, then you are at risk. "Generally" isn't cutting it.

04-20-2012, 10:48 AM

Quote:

Originally Posted by lifeisabeach

This reminds me of an interaction I had with someone once. Years ago, when I was a regular Windows user, I was active on usenet in a PC support group. One week, we were in intense discussions about AV software. I had been reading up a lot on tests and reviews of AV software, and one thing that we had been recommending was to have two different AV software packages… one that actively scanned, a second one that you only ran on demand for a "second opinion". This came about because no single AV software was proven to catch everything. All them, without exception, missed some malware in independent tests.

So anyway, one regular was like "Well I'm fine with what I'm using. It gives me a clean scan every time, so it's doing its job just fine." I then said "How do you KNOW it's not missing anything? Just because it says you have no malware doesn't mean it's not overlooking any." So he thought about that, tried a second piece of AV software, and BAM! He had two pieces of malware running that his regular AV software (Norton or AVG i think) completely missed.

So the moral of this is that optimism and faith that your existing practices are good enough… isn't good enough. There's no reason to not have AV software on your Mac. Even if it's not actively scanning all the time, run it once a week or so just to be sure. There literally is no reason not to. Consider it a challenge. Think your habits are good enough? PROVE IT… even if only to yourself.

How do you run two? From what Ive seen with 2 installed on occasion sometimes they pick on each other. Are there certain combinations to avoid?

Just curious,...

04-20-2012, 11:00 AM

On the one hand, I agree that Apple has been lax in closing holes in its products of late.

On the other hand, the anti-malware companies aren't much better. Flashback was spreading in the wild several days before most anti-virus vendors were able to offer any protection.

Quote:

Originally Posted by chas_m

I don't know why it couldn't be used for the Java exploit (though I have a theory on that)

The OS X Quarantine flag is not applied to Java applets. No quarantine flag meant no XProtect scan. Instead, Java applets are supposed to be sandboxed by the JVM, but exploiting the bug in Java (that Apple was slow to release a patch for) allowed it to break out of the sandbox.

04-20-2012, 11:45 AM

Quote:

Originally Posted by Brunhild

How do you run two? From what Ive seen with 2 installed on occasion sometimes they pick on each other. Are there certain combinations to avoid?

Just curious,...

It's been a very long time, but only one you allow to be memory resident and scan incoming files. The other you only run on demand to scan the files on the hard drive. If both are memory resident and always actively scanning, then yes, you'd have issues.