[personal profile] seawasp
Given that Macs have increased drastically in popularity, I have to presume they have also increased drastically in vulnerability. What's a good antivirus/antispyware/etc. package for my Macs?

Date: 2011-12-20 04:19 pm (UTC)
From: [identity profile] autopope.livejournal.com
The good news is, they haven't (so far) increased in vulnerability. There are one or two trojans out there disguised as warez copies of legit apps, but as long as you don't download illegal copies of commercial apps you are probably safe. The key, however, is to run OSX 10.7 ("Lion") and use sandboxed apps -- sandboxing being a prerequisite for getting your app into the Mac App Store (this is a hint). Sandboxing basically makes the apps run under a raft of whips and bondage security constraints that tend to keep malware at bay. Oh, and keep the personal firewall switched on. And don't use Acrobat for reading PDFs, it's a festering security nightmare. (The free Preview.app that comes with OSX is in any event nearly as powerful as Acrobat Reader and a lot nicer to use.)

Date: 2011-12-20 05:36 pm (UTC)
From: [identity profile] autopope.livejournal.com
10.5.8 is close to falling off the back of the security update conveyor -- upgrading any Intel Macs you have is strongly recommended.

You need to be running 10.6.8 before you can get Lion, because Lion is a download from the App store. You pay $20 just once and then can download it on any other Mac you've registered with your App store account. A copy of Snow Leopard ... you should be able to buy a DVD with it for about $30, I think.

But Lion is the one where they went to town on security, rolling out a buttload of important upgrades like ASLR and sandboxing.

Note: 10.6 and up will not run on PowerPC Macs. 10.7 will not run PowerPC apps, either -- it's pure Intel architecture.

Date: 2011-12-23 12:41 am (UTC)
From: [identity profile] ninjarat.livejournal.com
Not close... unless you mean off the end. Apple actively supports only two major versions of MacOS: whatever is currently shipping and the one before it. Those are 10.7 and 10.6 respectively. Version 10.5 is past its official end of life.

Regarding anti-virus, 99.995% or thereabouts of the viruses that the Mac scanners scan for are Windows viruses. They don't execute on Macintosh, of course, but if they are embedded in mail messages and Word documents and PDF files then they can be transmitted to Windows compies where they can do their damage. If you have a corporate policy that requires anti-virus then get ClamXav and set it to watch your downloads and documents folders and maybe your mail cache folder.

Date: 2011-12-20 05:01 pm (UTC)
From: [identity profile] joycemocha.livejournal.com
What [Bad username or site: @ livejournal.com] said. The son is also going through a computer science program as well as criminal justice (goal: forensic computer work) and maintains Avast on my computer as an antivirus, plus maintains an aggressive firewall.

I've found Preview to be much nicer than Acrobat on my Dell at work, even in looking at the same PDFs. Problems arise sometimes with specialized education software (eSIS, grrrr) that aren't designed to play well with either Firefox or Safari, but those are rarities outside of the very specialized software I have to use at work.

Date: 2011-12-20 05:29 pm (UTC)
From: [identity profile] argonel.livejournal.com
I unfortunately don't have direct experience. However, the underlying security model for OSX is pretty robust. You can probably remain fairly comfortable as long as you have good backups.

Your biggest threats are hard drive failure and trojans, both of which will wipe out your data.

Date: 2011-12-20 07:14 pm (UTC)
From: [personal profile] kengr
I don't have any Mac stuff more recent than an SE30. But I think my favorite PC antivirus is available for OS X. Check f-prot.com to see for sure. I *know* there's a Linux version.


Date: 2011-12-21 04:14 am (UTC)
From: [identity profile] eacole72.livejournal.com
I use Sophos, which is what my husband's employer has a site license for and offers to all employees for their home computers. It works pretty well and has caught a couple things before they got entrenched.

While Apple is gaining, it still is an also-ran and not as worth it for the script kiddies. It's a nice side benefit, at least.

Date: 2011-12-21 12:27 pm (UTC)
From: [identity profile] kharaku.livejournal.com
To my knowledge there are still no in-the-wild viruses for Mac. QuickTime and anything from the net is still a concern, but you'd have to be considered lucky to be hit by an actual virus on the Mac.

NOTE: if you want to moonlight with Windows, use virtualization (like Parallels or VirtualBox... or VMware if you feel like being all kruto).

Either way, Boot Camp touches your real hard disk, Wine touches your real hard disk; watch out with anything you invite on your Mac that can use non-Mac code and have direct access to your disk!

Date: 2011-12-22 02:49 am (UTC)
From: [identity profile] alex swavely (from livejournal.com)
Windows is vulnerable because it was based on a single-user operating system. That is, the end user could modify everything on the system without constraint.

OS/X and Linux are based on SysV Unix, which was designed from the outset for multi-user use - with safeguards in place to prevent users from interfering with the system itself without explicit permission to do so. Sure, there are still vulnerabilities, but Windows is still the shortest path to ground.

Date: 2011-12-23 12:58 am (UTC)
From: [identity profile] ninjarat.livejournal.com
Unfortunately, neither of these statements is accurate.

Windows NT/2000/XP/Vista/7/Server, aka the Windows NT family, are vulnerable not because they are a single-user OS. NT never was a single-user OS. The roots of Windows NT lie in Digital's very secure, very multi-user VMS operating system (look up Dave Cutler and Microsoft when you get a chance). Windows/NT is vulnerable to attack because of an architectural change made in NT 4.0. Specifically, Microsoft moved disk and graphics I/O processing from protected kernel space to unprotected user space. The reason is performance: moving these I/O functions to user space drastically reduced security context switching which in turn drastically improved overall performance of the OS. The problem with this is that low-level device I/O requires low-level device access privileges. These functions provided that access in a way that bypasses the CPU security layers. Gaping big hole.

OS X isn't based on System V UNIX. OS X's kernel history lies along the BSD UNIX path. Originally BSD UNIX plus Mach in NeXTStep and OpenStep, then a mix of FreeBSD and NetBSD plus Mach for early versions of what became OS X's kernel, and eventually just FreeBSD plus Mach since version 10.4. OS X isn't based on UNIX, it *is* UNIX, just the BSD flavor rather than the System V flavor.

The Linux kernel was inspired by MINIX, not System V or BSD. Early development was on MINIX and the first Linux file system was the MINIX file system. This might sound like picking nits, but ask a systems-level developer and he'll rant at you about the differences between Linux and real UNIX. If you're (un)lucky you may also get a rant about the differences between System V and BSD. :)
