Video: Do Mac OS X users need antivirus?

Summary: Do Mac OS X users really need antivirus? recently posed the question to security professionals at the AusCERT 2009 IT security conference on the Gold Coast.


Do Mac OS X users really need antivirus and if so, why? recently posed the question to security professionals at the AusCERT 2009 IT security conference on the Gold Coast.

Many Mac users still avoid antivirus (AV) because of the belief that no one has made malware for Apple's platform. But over the past two years, attackers have started experimenting, typically by social engineering or luring a Mac user into downloading fake antivirus or codecs in order to bypass the application signing process that usually keeps a Mac safe.

Given the appearance of malware for Macs, albeit small in number compared to Windows machines, there's growing consensus amongst security professionals that antivirus is a "must have" for Mac OS X systems. Network security executive for IBM's security division ISS, John Pirc, told that he used AV on his Mac because it is "better to be safe than sorry".

Another executive, Greg Singh from encryption vendor RSA, said the operating system doesn't matter: users should get used to the performance degradation that comes with AV because every platform is vulnerable. Microsoft senior security architect Rocky Heckman said AV became necessary when Apple in 2001 decided to underpin OS X Tiger with the BSD operating system because it made Macs an easier platform to write malicious code for.

One respondent said they'd even seen "botnet activity" on the OS X platform, while others referenced the popularity of the stylish computers as the reason for their being in danger.

But a lone security researcher, Peter Gutmann from the University of Auckland, New Zealand, reckons the AV-free world that Mac users have enjoyed is not quite over yet, and asks why spend money defending what's not being attacked?

What do you think? Do Mac OS X users really need antivirus software? Why or why not?

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

  • I'm going to say no.

    The degradation of performance by using AV is not even close to worth it on a Mac. People in IT security are just paranoid as all hell. Which is fine, but let's not get too carried away here.
  • Most unbalanced article ever?

    Whilst I do enjoy most articles on ZDNet, every now and then you have one that leaves me scratching my head.

    It was with amazing shock that you virtually had a 100% majority of people saying to use anti virus on Macs.

    However, considering this was done at AusCERT 2009 I am not surprised.

    It is definitely within their interest to tell Mac users they need anti-virus, regardless of if they do or not.
  • Let's talk real down time

    It's true, AV software isn't fun and it reduces system performance but the loss of days worth of work to a virus versus seconds in waiting for applications to open and close hardly seems a difficult choice.
  • Mac OS X Users

    I have always used IBM compatibles, because of their early Floating Decimal Facility. Bear in mind I am not a Graphics user.
    But I still cannot understand the type of mind that states categorically that a Mac cannot be Botted, or Spywared, or hit with various viruses.

    Any dedicated Programme Writer can create a virus ( maybe have already), which will create an instant super computer, be it Mac or IBM compatible.

    These people must live in a world hidden under a mushroom
  • The lone guy is right

    Let's remember this is where businesses are trying to sell their software to Mac OS X. The lone guy got it right. There's no money to be made on Macs. The VAST MAJORITY, 93% or so, of the computers out there are Windows PCs and many haven't been updated and are just sitting ducks for the bad guys. Not so with Macs. That's not to say Macs aren't vulnerable. They are but there's no interest in them.

    And none of the guys stated there is a current problem just that there COULD be. All those in this video are just trying to scare you into buying their product.
  • No

    Has there ever been a virus for Mac OS X? No.

    Trojans pop up every now and then, but there hasn't been a serious virus attack ever. The only reason to get anti-virus is to prevent you from spreading something to your Windows-using friends.
  • No, yet again

    Security experts in 2001 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2002 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2003 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2004 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2005 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2006 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2007 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Security experts in 2008 said, "Any day now Mac OS X will be hit with viruses." Didn't happen.

    Now in 2009 Security experts are saying, "Any day now Mac OS X will be hit with viruses."

    Is it any wonder that the people that sell anti-virus software are recommending that people buy anti-virus software even if there is no need for it? And now that Mac OS X has a 10% market share there is more profit in them crying wolf.
  • it has to do with being a Unix OS

    yes, that's a common problem with people still using Windows. they don't realize Windows was never designed to be on networks, and is the reason it gets hit when connected to networks.

    OSX and the whole UNIX family was designed from the very start to be ON networks... so the problems you are having can't happen on OSX.

    There are ZERO Viruses on OSX for a REASON... now you know!
  • A dumb article, OSX already has AV Software

    I really wish people would wisen up, Apple already provides all the security IN the OS... it's called "security update" and as long as you are current, you have nothing to worry about.

    3rd Party AV software is a throwback to the Windows era... but today, if you are running Unix / OSX, there is NO NEED to pay extra... it's just a scam by AV companies that try and trick Windows users that now use Macs out of money.

    True Mac users know, OSX can't be bothered by such attempts because of the way OSX is structured.

    In 10, 20 years from now, you'll still see "scare articles" saying... "Any day now... Macs will be like Windows"...

    Buzz... WRONG.

    These people need to learn how Unix works, then learn how Apple made it even more secure with OSX.
  • Microsoft Senior Security Architect Said WHAT?!

    "Microsoft senior security architect Rocky Heckman said AV became necessary when Apple in 2001 decided to underpin OS X Tiger with the BSD operating system because it made Macs an easier platform to write malicious code for."

    Why did anyone ask Mr. Heckman his opinion? We certainly have no reason to care. Windows is the single LEAST secure operating system, commercial or Open Source, available on the planet.

    Why Heckman's opinion is lunatic:

    1) Apple didn't decide to underpin Tiger with BSD. NeXT decided to underpin NeXTStep with BSD decades ago! Mac OS X inherited it when Apple decided to make NeXTStep/OpenStep the foundation for Rhapsody, which was then developed into Mac OS X.

    2) The three most secure operating systems on the planet have been repeatedly proven to be:
    A) OpenBSD
    B) FreeBSD
    C) Mac OS X
    Mac OS X incorporates elements of both OpenBSD and FreeBSD into its core OS called Darwin OS. So what Mr. Heckman is talking about is incomprehensible. He is either a blithering idiot or is pulling a FUD manoeuvre by telling the opposite of the truth in order to fool the public that black is white, war is peace, hate is love, the usual double-speak routine from the book '1984'. Shame on Mr. Heckman.

    This has to be one of the most dishonest statements from a Microsoft executive of all time. It is running neck-and-neck with Bill Gates's moronic statement that Mac OS X is exploited everyday, when in fact it is HIS operating system that is exploited every day.

    Or maybe there's lead in the water over at Redmond. (o_0)
  • I have AV on my Mac but...

    I've been working extensively with Macs since about '88 or so and I've never seen a virus that did anything but threaten connected Windows users. I have never seen a Mac show any effects from having been infected. The Windows machines on my LAN seem to get infected with something regularly despite being protected by AV software.
  • I-Frame, PDF Vulnerability,Safari Vul

    WAKE UP! I-Frame redirect. PDF Vulnerability, Java Vulnerability, SQL Injection, Safari Vulnerability, Quicktime Vulnerability and a host of other Vulnerabilities that will be found in the future. The attack has just started by the novice and novice + hackers. Give it a couple more years for the pros to hit. We are not talking viruses here. Trojans and full out "ownage" of Root by the browser. How can you guys even know that you have been OWNED if you have zero anti-malware programs that could catch 50%-70% of the hack. They don't tell you these days like they did years ago. Total stealth and keylogging you. Same with a silent low resource bot. Unix is only code. AND Apple SUCKS at security updates. 5 months and no Java fix. Piss poor lazy arrogance that will bite them if the Russian Business Network wants to be heard with a high tech pownage Safari/Firefox OS X browser attack. Don't be too smug. OS X has never had pros hit it. It will fall just like MS does.
  • Couple more years?

    You keep repeating that every year...mkay. Nothing is perfect eventually something will happen to OSX but to the extent of the problems on Windows? Maybe you better wake up. Microsoft put a single user system on the internet. All the other OSes on the planet are Unix or a variant of Unix except to guess which OS that is?
  • those are just "vulnerabilities"...

    Sounds like you don't understand security...

    Fort Knox is "vulnerable"... correct?

    Then why hasn't anyone been able to break in and steal the gold?

    THINK about it... the reason is simple... it is the MOST SECURE location in perhaps the entire world... OSX is the same thing... nobody can break in... there are far too many deterrents and watchful eyes on Fort Knox and OSX.

    Nobody can get to Root from a Trojan, so don't be silly... You can only get to Root by PHYSICALLY being in front of a Mac and booting from another HD or DVD. So that ends that possibility.

    On OSX we have a process viewer, so we know exactly what is running at all times. Nothing can get past an OSX box... nothing.

    Apple is the No. 1 security conscious company in the world... that's why nobody has ever gotten through from the outside.

    I've heard your type of ramblings for years, but one thing is always in common... You have never used OSX, nor understand how it works.

    The best hacker & cracker minds have tried for years and years and years to get past OSX since it's the most GOLDEN prize of all of computerdom... but nobody has been successful.

    Mac users are the most security aware users on the planet since they dealt with that issue decades ago... now they don't allow that type of activity...

    Better luck next time!

    It's odd how FUD mongering trolls are so often 'anonymous'. "Apples SUCKS...", "poor lazy arrogance...", "Don't be too smug...", "It will fall...". All the buzz words and phrases I've heard since 1984 when the Mac was released. Ever wonder why Mac users get defensive? It's garbage like the above.

    And now for some facts:

    Apple has been lazy about security in the past. The one good thing that came out of the ongoing anti-Mac security FUD fest, started in August 2005 by Symantec, has been that Apple's attention to security has multiplied exponentially. Currently they ARE slow pokes regarding the Java vulnerability. What that means is that Apple has to continue to improve its security consciousness.

    ALL the current Mac malware in the wild are Trojan horses requiring 'luser' error in order to be installed. There are, according to my count, 11 of them from 4 different families. There are no viruses, no worms, no illegal spyware/adware/keyloggers. All the legal spyware, of which there is a lot, require installation by someone with account access.

    PDF, Java, SQL, Webkit (Safari & others), and QuickTime all have vulnerabilities, but they are add-ons to Mac OS X as well as other OSes. Apple's least secure software is QuickTime. It has received the most frequent updates of all Apple software since 2007, and another new vulnerability was announced just this week. But again, it is NOT Mac OS X. Therefore, the vulnerabilities these days are mainly software ADDED ON to Mac OS X, NOT the OS itself.

    Pro hackers have already attacked Mac OS X via the Trojan.OSX.iServices series this past February. A botnet of over 10,000 Macs was discovered performing a DDOS attack via these Trojans.

    I use 3 different Mac anti-malware apps and only ever find Windows malware. Why? I'm not a 'luser'. I'm careful what I install. I'm aware of social engineering tricks. And if I do get pwned, I use a reverse firewall to catch ALL outgoing calls to my network or the Internet.

    I attempt to share factual Mac security information at my Mac-Security blog:
  • AV software show me the updates

    I have an AV software package for OS X that was required by my university. I have been doing an experiment for more than 2 years, every time the AV company creates a news headline, I do a check for updates to the AV product.
    Guess what -- no updates.

    So if I am being told there is a problem and there is not an update to the AV package is the warning real?

    Is AV company really protecting me?

    I see one, maybe two general updates a year for the AV package.

    I am not saying AV is not good because I do have a windows environment to protect and the MAC systems and the windows boxes do talk to each other. I am not sure I see the benefit on MAC OS X.
  • max

    I haven't seen a virus on any of my four OSX systems EVER (I scan for them now and again). In fact, I haven't seen a virus on a Mac since the late 1980's outbreak of nVIR. Although someone may, some day, write a virus for Mac, I'm a close watcher of tech news and I will know about it. At that point I'll run up the freeware options (ClamAV etc) that will inevitably have updated their definitions to recognize it, and I'll deal with it then. The smart PC users who were hit a decade ago did exactly this, and that's what I'll do too. In the meantime, I watch the news and surf virus software free. I don't trust a single thing any 'security software company' says, since their interest is entirely in creating FUD.
  • Unix Arc Bomb Trojan

    About a year ago my Intego VB warned me that there was a Unix Arc Bomb Trojan downloading when I was on Zyxel's site. It repeatedly wanted to download and I repaired it and tried to quarantine it. I sent an email to their webmaster of my logs and what page I received the Trojan. Two hours later their site was down for 2.5 days. Happened on Friday at 1pm and they were up again Monday at 10am. That tells me there was redirect code there. I kept getting this Trojan wanting to download. I normally have my NoScript engaged, but did not for some reason that time for their site. I tried to clear all the memory/cache from Firefox to no avail. I then tried a reboot thinking it was just in memory and a clean reboot would clear the repair out of system like in a PC.

    It still wanted to download this Trojan all with different #s and letters I might add. I had a clone that was about 4 days old so I just wiped and recloned.

    What is a Unix Arc Bomb Trojan and what did they do to me that this Trojan kept wanting to download more payload every 5 mins. Intego VB told me it was happening but something was in and the repair and quarantine did not stop the repeated tries. I assume a downloader program was injected that Intego's definitions did not know, but it did know the payload they wanted to download.

    Can you explain to me what is a Unix Arc Bomb and what all was happening in that event.
  • Unix Arc Bomb

    Yes, you posted this to:

    And as of today you are still the ONLY person ever to report such a thing.
  • Thanks!

    Yes, I too was going to comment on Heckman's assertion that BSD was introduced in Tiger of course he did say 2001 but regardless it doesn't give me a warm and fuzzy on this knowledge if he can't get simple facts right!