i need best anti virus

[MacInWin]

Analogies are always flawed, but let me try one to explain why you don't need any of the current Antivirus packages:

Imagine you own a Ford pickup truck. The media is full of news that Honda sedans suffer from people being able to open locked doors because they don't latch properly, so they issue a security recall to change how the doors latch. You get a letter in the email from a security company saying that because Honda suffered this security lapse, you should buy their Honda fix kit so that your Ford truck doesn't get broken into. NOTE: Honda doesn't sell Ford parts, Ford doesn't use Honda parts in the doors, basically there is nothing similar between Honda door locks and Ford door locks. Do you buy the fix kit? Of course not, because even if you did, the Honda fix won't work in your Ford. But, the sales brochure says, your Ford could be broken into, stuff taken, your camera taken with all your pictures and maybe the truck will even be damaged beyond repair! Yes, all that COULD happen, but that Honda door lock fix kit will NOT do your Ford any good at all, it's totally different.

Now, will someone, someday, somewhere find a security lapse in your Ford? Sure, it's possible, maybe even probable, but I can guarantee that that Honda fix kit won't do you a lick of good when that security lapse is found and used to break into your Ford. All that you will accomplish by installing that Honda fix kit will be to diminish your bank account by the cost of it and maybe actually put your Ford at greater risk because of installing something that has such critical access to the Ford door latch system.

Does that help explain why NONE of the current A/V can protect OS X from the unknown unknown and why those of us who run without any A/V do so? I don't need an A/V package to protect me from Windows viruses. When an OS X virus appears, someone will have to analyze it, find a fix and then put out an A/V package to protect against it.

 

[hoody]

Wonder what happened to the op.

 

[pm-r]

Wonder what happened to the op.

Unfortunately died of the virus they contacted. But their Mac was OK and survived.

 

[sailor#1]

Analogies are always flawed, but let me try one to explain why you don't need any of the current Antivirus packages:...

Does that help explain why NONE of the current A/V can protect OS X from the unknown unknown and why those of us who run without any A/V do so? I don't need an A/V package to protect me from Windows viruses. When an OS X virus appears, someone will have to analyze it, find a fix and then put out an A/V package to protect against it.

Hmmm. I wonder if the reason that OS X seems "immune" might be due to the lack of UNIX wizards in the malware writing business. Perhaps most of these people were brought up on PCs and Intel X86 and, finding fertile ground, have not bothered extended themselves into the UNIX world. Just a thought.

 

[Sawday]

When you need them it may be too late. Your computer could be compromised, your banking and credit card info stolen, your photos gone and all your files destroyed and, perhaps, your hard drives damaged beyond repair.

You forgot to mention that I should immediately buy a fur coat for my mac because it will be too late once it catches a cold.

Not sure how a product that is not designed to safeguard one from OSX viruses (since none exist) can possibly protect me from an unknown future threat should that unknown future thread strike. Care to explain?

 

[vivienne61]

I installed AdAware medic,it found 2 dubious things it advised deleting so I did.Next time I tried to open a new tab in Chrome I got an unable to open message with an error code. i googled this and discovered that a way round this was to install New Tab Redirect which seemed to fix the problem.What I'm trying to say is ,i never knew I had a problem till I installed AdAware,and should I have deleted those files?Maybe I should have left well alone since I wasn't having any problems! I didn't make a note of the files ,just quickly deleted as i trusted the app.Sometimes the cure may be unnecessary. I think I'll get rid of the app anyway.Anyone had problems with it?

 

[MacInWin]

Sailor#1, the very first "virus" the Morris worm, was written in and for Unix. So there are talented Unix blackhats out there.

 

[pigoo3]

There are DEFINITELY talented UNIX folks out there (the computing world is an awfully BIG place). I'm sure some of them are "devious" enough (just for the challenge of it)...would probably try to write a virus for a Mac just to see if it could be done. The definition of "could be done" being...could get past the barriers that Apple has put in place.

There is absolutely not a lack of talent out there!!!

- Nick

 

[sailor#1]

You forgot to mention that I should immediately buy a fur coat for my mac because it will be too late once it catches a cold.

Not sure how a product that is not designed to safeguard one from OSX viruses (since none exist) can possibly protect me from an unknown future threat should that unknown future thread strike. Care to explain?

Analogies are always flawed, but let me try one to explain why you don't need any of the current Antivirus packages:...

....Does that help explain why NONE of the current A/V can protect OS X from the unknown unknown and why those of us who run without any A/V do so? I don't need an A/V package to protect me from Windows viruses. When an OS X virus appears, someone will have to analyze it, find a fix and then put out an A/V package to protect against it.

You're both right. There is NO AV program out there that can catch an unknown virus. So, If I'm first to get it I will get it regardless of what protection I use.

Having said that, Symantec DOES make an AV program for MAC and that's what I use for OS X both Lion and Yosemite. MY HOPE is that whatever IT is will appear in the wild and Symantec will find and evaluate and develop a fix for their updates. This is also, of course, how Windows AV works as well. And $59 a year, or whatever, to protect 3 machines is not going to break the bank.

Regarding running 24/7, NIS (for Windows and earlier Macs my MP 2006 1.1 included) and NS (for Yosemite) both work in the background when I am not doing anything and do not slow down my machines noticeably, the word "noticeably" being the operative word. If I do not notice it than I do not care.

 

[Sawday]

You're both right. There is NO AV program out there that can catch an unknown virus. So, If I'm first to get it I will get it regardless of what protection I use.

Having said that, Symantec DOES make an AV program for MAC and that's what I use for OS X both Lion and Yosemite. MY HOPE is that whatever IT is will appear in the wild and Symantec will find and evaluate and develop a fix for their updates. This is also, of course, how Windows AV works as well. And $59 a year, or whatever, to protect 3 machines is not going to break the bank.

Regarding running 24/7, NIS (for Windows and earlier Macs my MP 2006 1.1 included) and NS (for Yosemite) both work in the background when I am not doing anything and do not slow down my machines noticeably, the word "noticeably" being the operative word. If I do not notice it than I do not care.

Assuming that Symantec get to the virus before you do and announce (a) that an OSX virus has been found and that (b) they have a fix for it, why not wait until that eventually and buy the product then, thus saving yourself $59/year. Meanwhile, what 'exactly' are you buying into? Of course, if the virus hits you first, before they have a fix, your so called anti virus is going to look pretty useless.

 

[pigoo3]

Sometimes with many AV programs…they can recognize things that "look funny"…and flag them accordingly. Even if it's a "new thing"…because new virus's can be based on a common programming foundation/structure of some sort.

So even if a brand new virus has not been identified/verified by the security community…and thus a patch to protect against it released. A good AV program can protect against it by simply flagging it.

But of course…if a virus is based/written in a completely brand new way (with no similarity to previous virus's in the computing world)…then an AV program may not even be able to flag it as "something funny".

- Nick

 

[MacInWin]

But of course…if a virus is based/written in a completely brand new way (with no similarity to previous virus's in the computing world)…then an AV program may not even be able to flag it as "something funny".

Nick, that's my whole point. At this time there is no known vector by which the AV software can find "something funny" because it doesn't even know where to look for this unknown-unknown virus. And although AV software is pretty clever at looking at the known attack vectors for suspicious behaviors, it has the same blind spot we al do for that unknown-unknown. Therefore, all AV software is, at this time, just a waste of money and cycles. If and when a virus is generated against OS X, then either Apple or the AV makers (or both) will scramble into action and come up with a blocker, but until that weakness is identified, they can't do anything.

For Sailor#1, you said:

MY HOPE is that whatever IT is will appear in the wild and Symantec will find and evaluate and develop a fix for their updates.

I'm with Sawday, I'm not willing to pay the money or the performance price (even if you can't see it, I can) until I have to.

 

[pigoo3]

At this time there is no known vector by which the AV software can find "something funny" because it doesn't even know where to look for this unknown-unknown virus. And although AV software is pretty clever at looking at the known attack vectors for suspicious behaviors, it has the same blind spot we al do for that unknown-unknown. Therefore, all AV software is, at this time, just a waste of money and cycles. If and when a virus is generated against OS X, then either Apple or the AV makers (or both) will scramble into action and come up with a blocker, but until that weakness is identified, they can't do anything.

I understand what you're saying. I'm thinking that current Mac AV apps are basing their "virus scans" / "virus definitions" on virus stuctures found in Windows systems. Which may or may not be appropriate for UNIX based Mac's.

I was thinking that "maybe" this info would be enough to at least be able to flag the "funny things" that a Mac AV program would be scanning for. Otherwise (like you're saying)...if it didn't do AT LEAST this...Mac AV apps would not be very useful at the current time (since they wouldn't know what vector to scan for).

It would at least be nice if Mac AV apps would flag the "funny" or "anomalous" stuff.

- Nick

 

[MacInWin]

It would at least be nice if Mac AV apps would flag the "funny" or "anomalous" stuff.

The challenge is to define "funny" and "anomalous" in OS X terms. And therein lies the entire problem. Right now we don't know of any holes. Until there is an identified hole, we can't watch for what comes through it. Maybe somebody will create an artificial intelligence AV system that can watch for holes developing, but that would take a LOT of cycles to run and still may not be able to be proactive about viruses.

 

[pigoo3]

The challenge is to define "funny" and "anomalous" in OS X terms. And therein lies the entire problem. Right now we don't know of any holes. Until there is an identified hole, we can't watch for what comes through it.

What I'm thinking is this.

1. Not so creative folks that write Mac virus's that don't take advantage of any possible OS X "holes" or vulernabilities. These are the ones that the Mac AV apps would detect & flag.

2. Very very creative folks who do discover an OS X "hole"...and are successful. I guess these are the virus's that a Mac AV app would not find/flag. But it would be nice if the Mac AV app would at least flag some of these as "anomalous" (if these should ever be successfully developed).

Again. I know what you're saying. If it's not defined...how can it detect it.

- Nick

 

[MacInWin]

In Case 1, it's not a virus, it's just malware. The user lets it install, probably unknowingly (think Genieo and the crapware that comes with it) or knowingly (MacKeeper, etc). So AV won't stop it because the user authorized it. Some users even complain about Gatekeeper and disable it.

In Case 2, again, how do I know what to watch for? What is "funny?"

Security ain't easy!

 

[Alwyn]

I don't mean to undermine in any way Jake's brilliant essay here, but there IS a known attack vector for the Mac -- users! I'm not just talking about the naive people who believe a prince in Nigeria needs their help, I'm talking about people who perfectly innocently use download.com (a bad site -- avoid!), install MacKeeper, surf dodgy sites (primarily pirating sites, or porn sites offering installers) or just click on a link in an email from what they think is their bank.

I was just telling a Mac User Group in a presentation tonight that when it comes to downloading, use only these three sources for Mac software:

1. The Mac App Store
2. MacUpdate.com
3. The developer's own company site.

If it doesn't come from one of these three places, do not download. If you are ever asked for your admin password and don't know why, do not give it.

Do not click on any link from an unsolicited email. If you want to check it out, copy the link and paste it into your browser to investigate it, or just visit the claimed site directly.

These simple steps, plus keeping your Flash and Java either disabled or bang-up-to-date, should stop most threats from being a risk to you. OS X has a built-in and silently-updated malware checker, plus a sandbox (meaning apps can't interfere with each other), and locks to prevent installations from unknown developers. But the weak link is YOU. Knowing that is half the battle.

The poor chap who originated all these replies must have taken fright! I think most of us, when we first converted from PCs asked the same question about anti-virus and were swiftly disabused.

I do have a question about downloaders from developer sits that are known to be reliable but that Apple still seems not have approved. For example there must be many Mac users who use Open Office. If it's opened after quitting or an update I invariably get a message saying that it's an application downloaded from the Internet. Are you sure you want to open it?

Is this because Apple haven't approved OO for use or should I just click on 'Don't warn me when opening applications on this disk image'? If I could be sure that this only relates to Open Office I would do the latter.

 

[MacInWin]

I do have a question about downloaders from developer sits that are known to be reliable but that Apple still seems not have approved. For example there must be many Mac users who use Open Office. If it's opened after quitting or an update I invariably get a message saying that it's an application downloaded from the Internet. Are you sure you want to open it?

Is this because Apple haven't approved OO for use or should I just click on 'Don't warn me when opening applications on this disk image'? If I could be sure that this only relates to Open Office I would do the latter.

That's Gatekeeper, a security feature of OS X. If you try to install anything downloaded from the Internet, the Gatekeeper asks if you really want to do that, just to make sure that you are aware of what it is and from where it came. Don't disable it. Just answer that you want to continue and it will install. If you download an app that doesn't have an installer, you'll get a similar question about the app the first time you try to run it. You only have to say you want to run it once, after that Gatekeeper leaves you alone. Don't disable it, just answer the question. Gatekeeper is a good thing.

As to why not all software goes through the MAS, Apple's agreements and requirements for software sold through the MAS can be, for some developers, a bit difficult to accept. There are rules about what the software is allowed to do and Apple takes a cut of the sale price for themselves. So some developers can't get in, some don't want in.

 

[cwa107]

This thread is making my brain hurt.

 

[harryb2448]

Well slam it!