Apple deletes Mac antivirus suggestion
Updated 7:45 p.m. PST with expert comment, at 7:20 p.m. PST with context on previous coverage, and at 7:08 p.m. PST with background.
Apple removed an old item from its support site late Tuesday that urged Mac customers to use multiple antivirus utilities and now says the Mac is safe "out of the box."
"We have removed the KnowledgeBase article because it was old and inaccurate," Apple spokesperson Bill Evans said.
"The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," he said. "However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection."
Apple's previous security message in its KnowledgeBase, which serves as a tutorial for Mac users, was: "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."
Security experts, while pleased that Apple would urge Mac users to install antivirus software, had warned that running multiple antivirus products could cause problems and recommended against it.
Apple's antivirus support note was initially published last year and was updated last month, despite reports that it was a new note.
One Apple expert speculated that Apple was merely removing a poorly worded support note and said it probably wasn't ever Apple's intention to tell Mac users they need antivirus.
"I bet you it was a low-level support note and it hadn't gone through the right approvals," said Rich Mogull, security editor of Apple news site TidBITS. "That's my guess."
To some, Apple's latest move will be seen as back-tracking given that it comes one day after those misleading reports circulated. The motive remains unclear, particularly because Apple didn't replace the previously published suggestion with an updated one.
The message that remains is that Mac users don't really need to take additional steps to protect against viruses and other malware. Telling customers they can run antivirus for "additional protection" could be interpreted as a way to protect against any liability.
There are no known viruses in the wild that exploit a vulnerability in the Mac OS, and Windows continues to be the overwhelming preference for malware writers to target their programs. But malware isn't just taking advantage of operating system weaknesses anymore. In fact, the majority of such threats now come from code that targets weaknesses in browsers and other applications that aren't platform specific.
Mogull said he doesn't recommend that the average Mac user install antivirus software because of the low-level of malicious software seen for Macs at this time.
To me, this new Apple statement poses more questions than it answers.
Regardless of the meaning of Apple's latest action, I'm pleased to now have open lines of communication with the company. Over the last few months, I have had an increasingly difficult time getting any response to my e-mails and phone calls. For instance, I got no response to my requests for comment on Monday's article about this topic. However, after talking to several Apple spokespeople on Tuesday about the matter I am confident that the situation has been cleared up.
I also was reminded of how much collective knowledge CNET readers have about Apple and would like to extend an invitation for people to feel free to contact me directly at elinor.mills@cnet.com with any feedback and tips related to Apple security issues.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
- Topics:
-
News,
-
Vulnerabilities & attacks
- Share:
- Digg
- Del.icio.us
There were WMD in Iraq. That's a simple fact. WMD were not why we invaded, they were merely one excuse given for the invation.
So yes indeedy, the Mac is "safe out of the box"
While yes you are right that Apple publicly "recommends" [ as an additional protection] using an Anti-Virus software it however doesn't wholeheartedly believe it. Just go to an Apple store and see if any of their Mac's are running an Anti Virus software, nor does it require its employees to be running an Anti-Virus software in it's internal machines like most other companies.
Unfortunately Apple does this because they market their products in a land where the people (try to) sue them for selling an iPhone - which doesn't live upto their speed demands - instead of just returning the damn thing.
Penguinisto is right Anti-Virus software on the Mac is a wast of time, money and speed. You see, AV software run in the background and consume CPU cycles and Memory scanning for something that does not exist. And while yes there is a chance it might one day, but until that day comes you would have wasted all that resource. Imagine if every Mac user used and Anti-Virus software since the release of Max OS X. Look how much wasted energy would have been consumed - anyone from the Greenpeace hippy land around?
Secondly an Anti-Virus software is useless until it knows about the virus, so even if you have an Anti-Virus software running it won't actually do anything until you updated it with a virus definition, which will only be available once/IF a virus is successfully released in the wild. In which case why not buy an Anti-Virus software after/IF the virus is released with the updated virus definition. Though it's likely if it ever did happen Apple will offer a fix through it's software update for free.
The Only time an Anti-Virus is needed on a Mac is if you want to stop the spreading of Windows viruses to other Windows users as it will catch those. But my stance on this is, it's not my responsibility to protect the computers of other especially when they won't even help themselves by having an Anti-Virus software running on their own computers or by not have having a real computer running a real OS.
Vegaman_Dan and all you other PC Whinnies from the last article, where are you all now and your "...see even Apple tells you to use Anti-Virus software..."
Listen, damn it's so quiet you can almost hear the PC hard drives spinning away in the background scanning for viruses. hahaha.
It's sad to see people acting just like you... like tools...
Much of your comment is insightful, but this statement is not true; anti-virus software should also look for unusual behavior or actions, not merely bits of code that correspond to known viruses. While the most effective way to stop viruses, known and unknown, it's also the most difficult kind of anti-virus software to develop and test.
Thank you for your feedback, however I disagree when you say I have lost my objectivity and my your critical thinking by defending a company who is just after our money.
You see I am backing up my argument with facts and genuine arguments (see my first post above) unlike most other cnet commenters. AppleSuxLeo to name but a few. Secondly I am defending them because they are (in my opinion) in the right and are being wrongly 'attacked' - if you will for a lack of better word.
Lastly while yes they are a corporation who has an interest in monetary gain, however where they differ from almost all other companies in the world is they try and do so while also doing their best in creating wonderful products that innovates and pushes the boundaries of technology. Apple is not a ME-TO company.
You see for Apple monetary gain stands side by side with innovation and "changing the world" or "making a dent in the universe" which is whay Apple is a company many believe to be a company with a "soul - rightly or wrongly. Whether you believe this to be some cheesy marketing or fanboy hype or not - believe me that is how most if not all Apple employees go about with their day to day business at work. I have witnessed it with my own eyes. Which is why their products are as good as they are.
Now I could go on with multiple examples where Apple has proved money doesn't always dictate their business path but that is another article altogether.
I hope this clears things up for you and changes your judgement about me.
------
Where was I, ah yes Fanboy...Steve Jobs for King, yeah baby yeah.
Yes you are right, maybe I should have said, "Secondly an Anti-Virus software is [almost] useless until it knows about the virus,"
I stand corrected.
You see that is the point, anything trying to install on OS X needs a password from its Administrator which is why a virus cannot install itself in the background. Nobody has (yet) found a way round it.
So an Aniti-Virus scanning away in the background trying to stop an installation is wasted resources because the OS does that for you. If (BIG IF) someone did come up with a workaround I'm sure Apple would release a free fix in no time at all through its software update, as that would be a major security flaw.
P.S
and this "security by obscurity" argument is total **** spread by PC users lacking knowledge and looking for an excuse for their defense in the use of an inferior OS.
Believe me I have argued this point with university professors (family members) who had to "re-evaluate" their argument.
Since both of my systems are Macs, I would not benefit from an AV app.
Interesting how some Windows fanboiz start celebrating the moment they read the news.
No. That's not it at all, and quite frankly I don't buy the "security by obscurity" line one bit. There are enough attention hungry bad guys out there who would *love* to be the first to crack OS-X, and the installed user base is big enough that a truly effective piece of OS-X malware would be devastating.
Let's compare this to securing a building, okay?
WINDOWS: Was built with the assumption that this is a good neighborhood. Still, the doors and (yes) windows are closed and locked, but inside is an open floor plan. The plumber is coming, but he knows to use the key under the rock by the side door. Just for safety, there is a security guard (AV software) who keeps an eye on things all the time.
OS-X: Was built assuming a bad neighborhood. Not only are the doors and windows closed and locked, but inside, all the rooms have doors and those doors are always kept locked. All the people who are allowed to be here have their own keys, and those keys only work on certain doors. This includes the plumber...he has his own key. There is no key under the mat. But there is no security guard, either.
Both houses are secure, but if you can find the key under the mat, you can take control of the Windows house. Under OS-X, you could steal the plumber's key, but that would still only get you into the front door and the utility closet.
Heuristics are next to useless, quite frankly. They are responsible for a significant proportion of false positive reports from AV software, and since the criminal malware writing fraternity is not totally inept, they will test their malware against common AV software before releasing it. So heuristics are unlikely to catch any significant new malware in any event.
Heuristic checks, like AV software in general, is for the most part a waste of cycles.
Apple says so themselves:
http://tinyurl.com/65keus
Morally, you have an obligation, no matter how much you hate on Windows, to not further headaches for others. There is a cascade effect here,and just because we (I've driven a Mac since '86) aren't as vulnerable now like we were in 1999, we should not be too smug. Why do you get a vaccine for polio? It's not widespread. But it's smart preventative action. Your promotion of not using something like ClamXAV is simply ill-advised. Windows will implode in its own right, we don't need to help it along by playing Typhoid Mary.
Yes I would be legally liable if the piece of software was created and then sent by myself, NOT if it was sent from my machine. A lot of computers (I mean Windows PCs) are taken over in this world as bots without the user knowing and used for ill purposes. Yet no one ever got charged for not having a security or Anit-Virus software running after their computer was used as a bot. So where the hell you are getting this "legally liable" from I have no idea.
Now when you talk about a company situations where documents are being sent internally that is a different matter. I would still not use its (on a Mac) if the company does not make it a requirement, and no I would not be liable in this case either, for not having an AV software because it's not a company policy to have one. In which case company assumes all responsibility.
However I would use an AV software even on a Mac if the company I worked for had a policy dictating to do so, but not because I think I need it but because I would just be following company policy as the good employee.
Do you people give any thought to the arguments before you write them.
Moral obligation, moral obligation - Are you for real. I was born in Bangladesh one of the poorest countries in the world, millions die of poverty there. I of all people know where my moral obligation lies and it isn't no Windows user.
In a corporate environment, you run what the IT department tells you to run - there was never an argument there. That environment is also treated as an ecosystem, where all computers within it are responsible for each other, so to speak. Home use is different - far different.
As for a legal obligation, that's a very weak argument for running A/V on a Mac. Is the government going to compensate me for the time, electricity, and CPU cycles wasted in running one? No? Then they have no authority to demand that I do. You also have to know full well that a file is infected before passing it on... no A/V, no knowledge of an infection, unless it can be shown that you yourself did the infection with intent.
Moral obligation? Sure - but I cover that by never passing on email attachments that I myself haven't made, re-saved in my own programs, or modified.
And you are arguing this point because...
Nobody here is say Mac OS - or any other OS for that matter - is "100% safe".
Instead of being PRO one things, you should stand objective on all fronts for every OS, i like aspects of OSX, hate most of it... I like parts of LINUX... not a fan of the most of it... Really don't like parts of WINDOWS.. like others... who cares the PC (Macs are a Personal Computer) game is about preference and choice.
The assumption that you no longer need an antivirus is about as intelligent as saying Hitler shoulda ruled... Yes OSX is good, and strong, so is UNIX... turns out i have had 3 windows machines including 1 vista machine with no AV for a year (Funds ran low, dont like avg) never had a virus.
Wake up and smell the coffee guys its a new world where the company goes for your wallet, not your loyalty. If you wanna question the fact that i work for apple, go ahead. Your opinion on that fact means nothing to me.
You worked for Apple - well done good for you.
If you've bothered to read our pervious posts you'll see we are backing up our "pro" Apple stances with objective arguments and facts. Unlike many other PC Whinnies like yourself claiming Mac need a AV softwares without any objective thinking or counter arguments.
For example:
You say, "The assumption that you [Mac users] no longer need an antivirus is about as intelligent as saying Hitler shoulda ruled"
You then back up this point by arguing, "...turns out i have had 3 windows machines including 1 vista machine with no AV for a year (Funds ran low, dont like avg) never had a virus."
So the reason we Mac users need an AV software is because you as an individual Vista user had no virus for over a year. With such counter argument wisdom what are to Apple "fandboys" to do. Is it any wonder, with your intellect Apple didn't feel the need to keep you.
Read all the post and see which side - the "Apple Fanboys" or the PC Whinnies - are posting most of the sound and logical arguments. Best PC sided argument I've herd is Mac users should run AV software to protect the spread of viruses of Windows viruses to other Windows user. Right, OK.
The "real PC" I was referring to was any Personal Computer that is not running MS Windows - while it has some advantages it is a very flawed OS is many respects. Though Vista is (trying) improving things, but still a long way to go.
I've already explained myself as to why I do not use an AV software even as a 'just in case' scenario. You argument to buy a new Mac to ficilitae the efficient running of an AV software is pretty silly - sorry, but it is.
And yes it would be silly for me to spend about 10% of my income [cpu resource] on flood insurance if I lived in a Saudi Arabian desert.
Dude you are a fanboi, your opinion doesn't mean anything if all your bias goes to one OS. Be objective about ALL OS's you loose credibility when your name says things like "AppleProLeo". I know the apple OS is good for somethings, Video editing and such.. but it is not the end all be all of operating system. Get off your high horse, take off the rose colored glasses or whatever you wanna do, seriously bro... this isn't the old world of computing none of these Companies have the strength that they once had.
It's "WORK" for Apple, as in i still do... Sorry if i typed "WORKED" as a writer i have a tendency to type faster than i can correct.
I have no problem with anyone being a "fanboy" or having a bias of any company as long as they are not doing it blindly and are instead based on logical thinking.
My name id is AppleProLeo is just a counter play on the idiot AppleSuxLeo, my real name isn't even Leo. However yes I am pro Apple and have my own reasons for it backed with logical thinking.
I have never claimed Mac OS is the be and end of all OS's - though I do believe it is the best all round commercial OS in the world today. As it marries most of the qualities of Windows and Linux/Unix in one seamless environment.
I am an IT consultant and have worked for both Windows and Mac based companies including Apple. So you can say I do know quite a bit about the world of computing. So making an tech argument for or against and backing it up is something I do for a living. No koolaid involved here.
To be honest what I'm doing now is past of my work - I see this as research, the accumulation of other opinions and seeing if mine can be disputed with sound logic.
You work for Apple at present?
At best you're lying, at worst you're in bit trouble - as in you can say goodbye to your job - if Apple HR sees this page.
I know Apple relaxed its rules last year in regards to its employees commenting on the net but not to the extent where your allowed to comment on Apple - your employer - be it positive or not to the extent your doing.
Here's some free consultation advice.
http://www.monster.co.uk
"Vegaman_Dan and all you other PC Whinnies from the last article, where are you all now and your "...see even Apple tells you to Anti-Virus software..."
Hello! I'm right here and more than happy to comment. I don't take comments like yours personally so it's no issue at all.
And now that Apple has retracted that recommendation, I would have to agree with them. The problem was that Apple was recommending something that you and quite a few others disagreed with, citing superior knowledge of the product than the OEM itself.
Apple has updated their recommendations and I have no issue with it.
It is clear that you are very much pro-Apple and are willing to defend the company against anything that might be construed as negative. That's your right and you can post that opinion freely. Please do not feel offended or take it personally if others do not share that opinion. The world is all the better for havind differences.
Your analysis is well done, but your inputs are just plain lies. THe architecture and design of both Windows and OSX are based on the same premises. Both are based, if you go back long enough, on the concept of "good neighborhood". Both have been improved enough so that the architecture is sound and the code is reasonably good. Now, if you look at the architecture of the latest versions in detail, they are relatively on par (don't just start a "no, they aren't" war unless you are willing to provide examples, I've studied both architectures quite intensively and I see no advantages to Apple's architecture at all). As for code quality, sorry, Windows code has an order of magnitude fewer security bugs being discovered each month, Microsoft patches faster and that's even more significant considering that Windows gets more attention.
Does this mean that Windows is safer? Certainly not! Windows is attacked much more widely so if you are using WIndows (especially if it's XP) you'll have to take more security measures to be safe.
But that doesn't change the fact that OSX is NOT superior to Windows in the security front. UI, definitely. Performance, maybe. Elegance and integration, yes. But security? Definitely, absolutely and terminantly no. There's no decent analysis of the security aspects of the OS that indicate that.
If you wanna think that i'm BS'n you, go ahead i could care less, you opinion means very little to me, just as mine probably means very little to you. If you cant give an objective opinion then your pretty much as useless fanboy drone anyways so keep talking, ill keep reading and smiling at your blind loyalty to a company.
(Just so your aware, Employee loyalty went out the window when companies started to outsource, and yes apple does it to.)
You haven't even read what I wrote properly, have you? It's obvious you are trying to tell the would how you work for Apple. Guess what nobody cares, reread what I wrote regarding your status as an Apple employee.
You say you like arguing with other Apple employees, way don't you send a link to this page to Apple HR with your badge number. And see what kind of arguments you come up with then the smack you with the rule book.
Don't worry I do believe you now when you say you are an Apple employee, as you sound just like a stupid 'Mac Specialist' because it's only stupid 'Mac Specialists' who can't stop banging on about how he/she works for Apple and does something as stupid as post it all over the web.
Get over yourself, you're just 'Mac Specialist' - go sell some Anti-Virus software to some poor Apple customer.
Funny how your approach has changed from the chest beating crusader in the last article to this tail between the legs diplomat.
Hah - all you PC Whinnies are a joke.
Get a life dude, i was loyal to the government once, and i'll never be loyal to anything else again. everyone is out to screw you and the sooner you realize this the sooner you will get off your high horse.
No, you don't work at Apple (unless you're one of the janitors there or the like). I can say this with certainty because a professional never ***** where he eats.
Here's why: Until recently, I worked for the Intel Corporation (I'm a Sr. Sysadmin - I recently moved to a green energy corporation in September, for one hell of a pay raise), I studiously avoided making any and all comments online concerning the Intel Corporation, period.
I did this specifically to avoid jeopardizing my paycheck, and to help my employer avoid any allegations of astroturfing or opinion-slanting by the news and blogging community. I also did this to avoid even accidentally violating NDAs and/or confidentiality agreements.
If you were an actual professional working for Apple, you would have known enough to do the same.
/P
Kudos on the green energy company! :) and Intel is my choice company for Mobos and chips.
Don't worry about my job or what they are going to do about me, former Marine means i can pretty much get a job where i want to.
When anti virus software loses it's ability to track viruses individually they will have to change their methodology to what you are mentioning. We are reaching that poing but aren't quite there. Until we do, it's like they said. The AV software has to know about the virus.
I laughed at the "multiple antivirus utilities," and had to check myself that it was not a hoax floating around. Maybe they could work together better on a *nix based system, but it sure does create a pain on Windows.
That tells me something about the need for AV software on a Mac.
Does this mean that all three OS's are immune? Of course not. Does it mean that you need AV products on a Mac? No. That logic doesn't work there either. The networks I supported didn't have to deal with the issue because of the preventative measures and education in place.
Today, the focus on attacks aren't on the OS itself but instead upon exploiting flaws in individual applications or web services. That's something that none of the AV products out there can address at this time.
Does that mean that all three OS's are equally insecure and/or exploitable? Of course not.
Well - do you disagree?
Otherwise, --finally-- a sane post out of you, Dan. How'd that happen? ;)
THANK YOU !
However since I just got a Mac I'll enjoy the lack of AV on the system bloating it up.