Our machines are plenty powerful enough to run a decent low-resource AV so avoiding doing so is just running at risk. Sure, you may never be infected, but will you know when you are or right before you are? We can claim all the safety we want about our own practices, but if your trusted site is hacked and becomes a breeding ground for malware spread, then what? It's an innocent site with malicious contents placed there by someone other than the site owner. How do you prevent that by running without protection?
I would remind some of the participants in this thread that all of us who are running Snow Leopard or above are ALREADY running an anti-malware program from Apple. It is what is protecting us from the earlier Flashback variants RIGHT NOW. I don't know why it couldn't be used for the Java exploit (though I have a theory on that), but generally speaking, we are ALREADY COVERED in this regard.
This reminds me of an interaction I had with someone once. Years ago, when I was a regular Windows user, I was active on Usenet in a PC support group. One week, we were in intense discussions about AV software. I had been reading up a lot on tests and reviews of AV software, and one thing that we had been recommending was to have two different AV software packages… one that actively scanned, a second one that you only ran on demand for a "second opinion". This came about because no single AV software was proven to catch everything. All of them, without exception, missed some malware in independent tests.
So anyway, one regular was like "Well I'm fine with what I'm using. It gives me a clean scan every time, so it's doing its job just fine." I then said "How do you KNOW it's not missing anything? Just because it says you have no malware doesn't mean it's not overlooking any." So he thought about that, tried a second piece of AV software, and BAM! He had two pieces of malware running that his regular AV software (Norton or AVG, I think) completely missed.
So the moral of this is that optimism and faith that your existing practices are good enough… isn't good enough. There's no reason to not have AV software on your Mac. Even if it's not actively scanning all the time, run it once a week or so just to be sure. There literally is no reason not to. Consider it a challenge. Think your habits are good enough? PROVE IT… even if only to yourself.
"I don't know why it couldn't be used for the Java exploit (though I have a theory on that)"
The OS X Quarantine flag is not applied to Java applets. No quarantine flag meant no XProtect scan. Instead, Java applets are supposed to be sandboxed by the JVM, but exploiting the bug in Java (that Apple was slow to release a patch for) allowed it to break out of the sandbox.
How do you run two? From what I've seen with 2 installed on occasion sometimes they pick on each other. Are there certain combinations to avoid?
Just curious...
On the other hand, the anti-malware companies aren't much better. Flashback was spreading in the wild several days before most anti-virus vendors were able to offer any protection.
I continue to maintain that an "anti-virus" for the Mac is unnecessary. Yes, some third-party essentials that are included (or in the case of Java, not included as of Lion) in OS X can be vulnerable to malware. And yes, the so-called "anti-virus" programs may catch these faster than Apple.
I still don't think the trade-off is ultimately worth it, however. There has yet to be a malware threat to the Mac that wasn't comically easy to avoid, and for all the hype this latest malware got -- the servers it was supposed to report to got shut down early on, meaning even those who were "infected" didn't actually have anything happen to them other than that. I would call that "overblown."
Java is rarely used on the Mac anymore (at least via the web browser), so for most people I'd say simply turn it off and see if you don't need it (the final "fix" from Apple essentially does that already). Most of the infected machines, from what I've read, were running outdated software. For them, you need to disable Java period full stop until you update to a more modern system.
I think good computing practices will go a lot further towards keeping you out of trouble than an "anti-virus." While Flash and Java have been compromised, I notice that neither of those things are parts of OS X, so I still have great confidence in it.
The more popular Macs become, the higher the likelihood that new viruses will appear for Macs.
Eventually, a Mac will be just as vulnerable to a virus as a PC is.
I've never understood why it isn't possible to put anti-virus software on all the web servers in the world & protect all computers - be they Windows PC, Mac, or any other flavour of machine - from viruses at the source of the infection...