The Official Mac AntiVirus and Firewall FAQ

Alexis · Apr 16, 2009

Anybody running a Mac and not running AntiVirus is really gambling with exposing their sensitive information.

While you don't hear about a Virus specifically being for a Mac, you certainly do hear about Trojan Horse programs, Keyloggers that can steal your information, etc.

If you do some research, there are plenty of vulnerabilities within the Mac OS, and programs that run on a Mac. This is how virus writers are able to create virus programs in the first place. While these people may not have targeted an operating system with single digit market share, its only a matter of time.

Keyloggers for Mac are cheap to buy, and easy to insert into any program as a free download. Mac users tend to be over confident in this department and will just install anything. Suddenly a keylogger is installed in your Mac, recording all the information when you log into internet banking, etc.

Since the firewall is turned off by default then there is nothing to stop, or even alert you, about the data leaving your machine.

So while there arent a lot of things to worry about labelled "Virus" in Mac land, there are plenty of other threats out there for Mac users to worry about that Virus scanners will be able to detect and stop.

An example of new Mac attack techniques being developed.

A very opinionated post for the very first one!

Been hearing about these theoretical attacks for 8 years now.

Nothing's changed. No need for anti-virus, no need for worrying.

While these people may not have targeted an operating system with single digit market share, its only a matter of time.

Yawn. Heard it all before. Still waiting...

joelw135 · Apr 16, 2009

I agree as far as the keyloggers go as I have seen it it action at a company that ran only Macs. It was attached to a PowerMac that handled the accounting office. It was sending bank and credit information to Russia. How it ended up on the Mac no body knows. The government got involved in the case, but I wasn't there to see what happened in the end. The company tried to keep it a secrete just in case it was from an employee.

tiger roach · Apr 16, 2009

Wow - great thread. Now I'm more confused than ever.

I guess for now I will stick with my plan of using the OSX built-in firewall with Stealth Mode turned on. (Perhaps even this is unneccessary since 'net access will be via a router (Time Capsule)).

I also plan to use Intego VirusBarrier X5 to be on the safe side. Maybe I'll run without it a week before installing and then see if there is a noticeable difference in performance.

cwa107 · Apr 16, 2009

tiger roach said:
Wow - great thread. Now I'm more confused than ever.

I guess for now I will stick with my plan of using the OSX built-in firewall with Stealth Mode turned on. (Perhaps even this is unneccessary since 'net access will be via a router (Time Capsule)).

I also plan to use Intego VirusBarrier X5 to be on the safe side. Maybe I'll run without it a week before installing and then see if there is a noticeable difference in performance.

Although I understand the intent, what I find really hard to swallow is the price.

Anti Virus programs work in 2 ways. The first thing they do is scan for known viruses based on a database of known viruses called a "DAT" file. If there are no known viruses, the virus scanner is essentially scanning for NOTHING. This is the reason you pay for a subscription, because the vendor is supposed to be busily at work updating this database. If there's no Mac viruses, then you're paying an annual fee for nothing.

Now I'm sure Intego's response would be that they ARE updating the dat files, but that they're updating them for new WINDOWS viruses. That's all well and good, but in my opinion the onus is on the user to run anti-virus. If my OS is immune and I accidentally send you an infected file and you run it on your virus-susceptible OS, then that's your problem.

The second thing AV products do is employ "heuristics". In other words, the program tries to preemptively determine whether a program is exhibiting virus-like behavior. This tactic is largely ineffective, but it certainly chews up a lot of CPU cycles. If it's aggressive, it will return lots of false positives and slow a system down to a snail's pace.

So, I guess my question is, if I'm not able to scan for Mac viruses and I have a completely ineffective plan B, then exactly what am I paying $70/year for? To scan for Windows viruses that don't effect me in the least?

Sorry Intego, no sale. Their pricing is outrageous, and the fact that they're able to effectively market this product, at these prices only serves to solidify PT Barnum's assertiion that there is a sucker born every minute.

Just my $0.02.

If you really feel the need to run an AV product, try ClamXAV. It has to be run manually, but it will at least give you a warm fuzzy that you're clean if you happen to get paranoid.

tiger roach · Apr 16, 2009

Hmm, well I'll think about it.

I guess I'm conditioned to paying a yearly fee for AV subscriptions from using PCs for the last several years.

cwa107 · Apr 16, 2009

tiger roach said:
Hmm, well I'll think about it.

I guess I'm conditioned to paying a yearly fee for AV subscriptions from using PCs for the last several years.

It's called Stockholm Syndrome. It takes awhile to get over it.

gimperdaniel · Apr 24, 2009

I have no virus or firewall set up on my mac... I never got one. I am aware there are some.. but the again.. where have you been browsing to get such things?

Gotta love my mac!

Dave Allen · Apr 28, 2009

How do you activate the mac firewall. I went to file preferences and sharing but could see no mention of a firewall.
Newbee mac user

cwa107 · Apr 28, 2009

It's already activated. If you want to adjust the settings (in 10.5, Leopard), go to System Preferences => Security => Firewall tab.

nubie2mac · May 6, 2009

Hi everyone,

I am new to the wonderful world of Mac computers and I already absolutely love 'em!

I am also new to this forum ... this is my 1st post with a question so please pardon my "guideline errors (if any)" including the length of this post (I wanted to provide "reasonable" pertinent info).

I have reviewed this thread re "Mac AV and Firewall FAQs" and understand that the "general view" is that there is no real need for any "security/AV" software for the Mac - except for sensibly using Mac "security features, e.g. proper firewall settings, etc."

However, prior to reviewing this thread (and having gotten "used" to the "vulnerable" world of PCs) I had {searched and} read up various other posts on the web re "Mac Security" and found the following post (discussing various product options including ones mentioned in this thread, e.g., ClamXav):

Mac Antivirus Software Reviews: The Best and Worst of Macintosh Antivirus Software

Through the above post I discovered Intego's "Internet Security Barrier X5" product which is also recommended by the post's author.

Upon further investigation, I also found the following additional reviews for this product

a) on Amazon:
Amazon.com: Intego 00309 Internet Security Barrier X5 Antispam Edition DP - Mac: Software

and

b) on MacUser:
MacUser: Product Reviews: Intego Security Barrier X5

and

c) on Laptopmag:
Intego Internet Security Barrier X5 Antispam Edition, a review of Intego Internet Security Barrier X5 Antispam Edition

All three reviewers recommend this product. I also found Intego showing up in various other "Mac security" related posts.

The anti-spam (Personal Anti-spam) part of this product does not seem useful (to me) as I use Gmail (which has excellent spam filtering) but the other two parts (NetBarrier and VirusBarrier) seemed to be potentially useful as they address the issue of "security."

Does anyone in this community have an opinion on Intego and/or their products, particularly this one?

Also, if I do not plan on running Windows on my Mac do I really need the "Dual Protection" version? I do have a "mixed" LAN setup: 2 PCs (running XP) plus 1 iMac with a 2nd MacPro on it's way.

Any thoughts would be most appreciated.

new 2 the wondrous world of macs .... O:)

...
Thank You.

cwa107 · May 6, 2009

Welcome.

As I said before, in post just a few above yours, I find it to be a lot of money to spend on an annual basis for a product that essentially does nothing. If you are paranoid and in general a careless user, then by all means go for it. But at this point in time, just a bit of common sense will keep you from having any troubles.

GK27V6 · May 13, 2009

So, after about nine months or so of using my MacBook, I decided to install a trial anti-virus software. After a full system scan it found three viruses on my Windows XP partition, and zero on the Mac side. On the Mac I do excessive web-surfing. Just thought I'd like to throw that out there ;D

jenzmac · Jun 11, 2009

Well I have a 'Trojan Clicker' in my Macbook and have not been downloading anything & do not run Windows!?

I was on cnet.com last week just looking at a review of a product with no intention of downloading a single thing and all of a sudden my Safari pages were taken over ... see thumbnail of a screenshot of the page that was being put up below

I DO NOT download dodgy programs (I prefer to buy software off line and install it) as is usually the question I'm asked following my previous posts in the last week

I do not have antivirus protection and have reset Safari several times and did a search of my system for anything which might be related the problem; deleed a couple of folders thay where still in the system for cnet & eBay (which I never use)

I've had Norton's yeas ago when I had a PC and loathed the thing ... please any suggestions for a good antivirus? Integro does look might expensive, it would need to be good

As someone wrote earlier, there is always someone out there trying to develop a way of getting into the Mac systems and it is only a matter of time and they will crack it. I've had a dream run over the past 2 years with my Mac but now I have to protect it!!

dtravis7 · Jun 11, 2009

EVERY REFERENCE I found to that Trojan Clicker you speak of is Win32. Windows. It talks of DLL's and Registry. OSX has no DLL's nor Registry.

That rare DNS thing for OSX can not be gotten going to Cnet.

I have checked 50 URL's and it's a Windows Virus. OSX can NOT run a Windows Win32 Virus.

jenzmac · Jun 11, 2009

Trojan Clickers

This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet urls are stored (e.g. the 'hosts' file in MS Windows).

Clickers are used:

To raise the hit-count of a specific site for advertising purposes
To organize a DoS attack on a specified server or site
To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans)

This is they type of Trojan I picked up using Safari last week

And I did not 'foolishly' download anything!! And I did not click anything of
n the website it took me too when I tried to move away from cnet.com

Hopefully the Mac techs are not so complacent about the possibility of an attack on Mac as some on this site are

dtravis7 · Jun 11, 2009

If that is the case how come I see not one case of a trojan Clicker reported on OSX? Every report is Win32. Find us one that for sure proves the Trojan Clicker will infect OSX.

If you are saying the users here at Mac Forums are so complacent, is that not judging us? I am very well aware of one Trojan DNS redirector for OSX. One. It's not called a Trojan Clicker. I go to Cnet all the time. I own 5 Macs and never had an issue.

Show us the reports of that exact named Trojan, Trojan Clicker infecting OSX. I can't find one so far. I am open. Show us proof.

There would be some reports of Trojan Clicker for OSX trust me. If a Mac blinks people make a BIG thing about it.

jenzmac · Jun 11, 2009

dtravis7 said:
EVERY REFERENCE I found to that Trojan Clicker you speak of is Win32. Windows. It talks of DLL's and Registry. OSX has no DLL's nor Registry.

That rare DNS thing for OSX can not be gotten going to Cnet.

I have checked 50 URL's and it's a Windows Virus. OSX can NOT run a Windows Win32 Virus.

I do not use Windows and I got it? It was doing exactly as described for the Trojan Clicker .. any other possibilities?

Remembering I was not downloading anything

cwa107 · Jun 11, 2009

jenzmac said:
I do not use Windows and I got it? It was doing exactly as described for the Trojan Clicker .. any other possibilities?

Remembering I was not downloading anything

Still haven't seen that screen shot. That would help tremendously.

Suboo · Jun 11, 2009

Are there any updates to this thread? I have a MAC OS X 10.5.6 and only run MS office for MAC, not 2 platforms. My computer has been running really well until lately. I have satellite connection at home with wireless router (old) and no password on the router 'cause we live in the country. Should i buy a new router (as suggested by the Hughes tech) to have better security? He suggested this to make our updated modem work 'better.' Also, i sometimes have my personal MAC at work on their wireless network (university), cause i refuse to use an IBM thinkpad at meetings.

jenzmac · Jun 11, 2009

cwa107 said:
Still haven't seen that screen shot. That would help tremendously.

Have been having trouble uploading it will try again...my connection kept dropping out yesterday

OK it's not allowing me to upload it again as I've attached it here, 3rd post downhttp://www.mac-forums.com/forums/switcher-hangout/154160-trojan-2.html