Antivirus on OS X: Is it time?

Peter Tippett
December 19th, 2008

by Peter Tippett and Kevin Long

What’s a Mac user to do? Depending on where (and when) you looked, during December you’ve been offered the following advice when it comes to having security software on your system:

  • If you listened to Apple on December 1, you should be running multiple antivirus applications.
  • If you listened to a maker of antivirus software, you should be running their respective antivirus application.
  • If you listened to various bloggers and columnists, you’ve certainly not heard a consistent message.
  • If you listen to Apple today, they’re suggesting that Leopard is protected against malicious code “right out of the box.”

Despite the existence of several notable posts already written about this topic, this month’s chatter provides an opportunity to share the reasons we recommend against running antivirus software on Macs (in most situations).

Now that our scent has been picked up by zealots from all camps, we’ll devote the remainder of this post to exhausting a few of the tired and irrelevant comments that prevent most Apple security discussions from being productive.

Windows suffers more attacks because of its market share
This can be argued both ways, but the answer doesn’t matter. A hypothetical dramatic increase in OS X market share is unlikely, won’t occur quickly, and has no bearing on whether you should install antivirus software on your current system.

It’s only a matter of time
This is true of many things, but may not apply in this situation. OS X was launched in March 2001, and has yet to suffer a major security incident. Operating systems as we know them now may no longer exist in a few years, so it’s possible that OS X will never suffer a major security incident throughout its entire lifespan. That said, we continue to monitor threats to OS X as closely as we do to any other commonly-used application and are prepared to change our recommendations based on new and relevant information.

OS X has suffered a major security incident
No, it hasn’t, unless your threshold for “major” is very very low.

OS X has no significant vulnerabilities
Vulnerabilities in OS X are published on a regular basis. While most of them—like the vast majority of published vulnerabilities for all platforms—have no affiliated threat, there have been some that deserved the attention they received from security researchers.

Mac users are complacent
Some Mac users are complacent; some are not. Some Windows users who run antivirus software are complacent; some are not. Everyone who uses a computer with Internet access should exercise diligence in doing so. Sometimes that diligence manifests itself in the proper use of security software; sometimes it does so through sound configuration and behavior.

Antivirus software is the answer to security issues
Antivirus software provides protection from some threats, provided the given threat has an affiliated entry in the most recent definitions you’ve downloaded from your antivirus vendor or the threat triggers your antivirus application’s heuristic detection.

Apple’s television commercials make it sound like their computers are invulnerable
They’re commercials. They do not warrant mention in a serious discussion about security.

In Part II, we’ll pick up with a review of the RISK Team’s risk equation.


Comments

  1. AV is nothing more than snake oil; it is a purely reactive technology that has never really addressed the concern of security. The only real way to detect today’s 0 day threats is with memory analysis. With or without AV it is only a matter of time before your box will be owned; the author was correct, due diligence is the only way to mitigate the risks of today’s threats.

    Posted by: zs on December 20th, 2008 at 4:07 pm
  2. [...] Terms of Use « Antivirus on OS X: Is it time? [...]

    Posted by: Verizon Business Security Blog » Blog Archive » Antivirus on OS X: The risk equation on December 22nd, 2008 at 4:02 pm
  3. [...] is Part III of a three-part series on OS X security. Please read Part I and Part II if you haven’t [...]

    Posted by: Verizon Business Security Blog » Blog Archive » Antivirus on OS X: Total cost of ownership on December 23rd, 2008 at 2:05 pm
  4. Dan Goodin’s article at ‘The Register’ noting the emergence of two new Mac Trojans inspired Daniel Eran Dilger to write a response at ‘RoughlyDrafted Magazine’.

    Quotes of interest from Dilger:

    “While the anti-virus software [which Apple included with their .mac service] was never compromised by an external virus attack, it did cause other low level problems for the system, which got so bad Apple yanked the title and stopped distributing any anti-virus tool at all for Macs.”

    “On the Mac, there is no background danger of viral infection, only a theoretical one.”

    The Register: Mac malware tide on the rise
    http://www.theregister.co.uk/2009/01/26/more_mac_malware/

    RoughlyDrafted Magazine: The Mac Malware Myth
    http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

    Posted by: Kevin Long on February 2nd, 2009 at 3:57 pm
  5. [...] our recent series on Mac AV suggests, I don’t run antivirus software on my OS X client systems. However, I do run Little Snitch. [...]

    Posted by: Verizon Business Security Blog » Blog Archive » Antivirus vs. egress firewall on February 3rd, 2009 at 1:56 pm
  6. “our recent series on Mac AV suggests, I don’t run antivirus software on my OS X client systems. However, I do run Little Snitch. [...]”, what is the percentage of Mac OS users versus PC users in a typical corporate environment that your company caters to?
    Most likely it is very low, but as you stated, “our recent series on Mac AV suggests, I don’t run antivirus software on my OS X client systems. However, I do run Little Snitch. [...]” that is your personal preference, not a corporate culture’s position as a whole or in agreement with PCI DSS guidelines, so your comment is a bit misleading for the common corporate organization who are looking at verizonbusiness as their security advisor, managed security services or professional services.

    Posted by: Mark Teicher on February 13th, 2009 at 1:54 pm
  7. Thank you for your comments, Mark. Check out the last paragraph in Part III of our Mac AV series–
    http://securityblog.verizonbusiness.com/2008/12/23/anti-virus-on-os-x-total-cost-of-ownership/
    –to see the concerns you’ve expressed addressed.

    Posted by: Kevin Long on February 27th, 2009 at 6:48 pm
