[X-Newbies] Anti-Virus

Randy B.Singer randy at macattorney.com
Tue Jun 14 16:05:02 PDT 2005 

Al Poulin said:

>I've read this thread and archived the web page at the link listed 
>above.  I did not see any mention of a named virus or malware or 
>spyware that applies to OS X.  Did I miss something?

That article is not terribly well informed or comprehensive.

Have a look at:
<http://securityawareness.blogspot.com/2005/05/comments-from-mac- 
expert.html>

DO NOT take the following to mean that there is malware out there that 
you have to be very concerned about, or that you need to have an 
anti-virus software program.  You probably don't.  However, some folks, 
especially those who use their Mac in a business environment, aren't 
willing to leave their data open to even the smallest potential threat.  
So this information may be of interest to those folks in deciding whether 
or not they need anti-virus software, and choosing which program to get.

There are zero (as in "none") verified viruses in the wild that can 
infect OS X proper.

There are three Trojans/Worms for OS X: Opener/Renepo, the WordInstaller 
Trojan, and MP3/Concept.  Only two of these are confirmed to exist in the 
wild (Opener and WordInstaller.)  The other two are very rare, but Opener 
seems to be becoming more prevelant based on the discussion on MacInTouch 
and the Apple discussion boards.  No one seems to know what the exact 
vector is for Opener. 

http://www.macintouch.com/opener02.html

All of the legacy OS 7/8/9 viruses for the Macintosh can potentially 
infect Classic in OS X.  However, these viruses were designed to 
propogate primarily via the sharing of floppies, so their primary 
transmission vector now being gone, they have become very rare, though 
they are not extinct. (MacAddict even sent out a CD-ROM conataining one 
of them a couple of years back.) You may also want to note that just 
about all of these viruses were not designed to be seriously malicious.

Word and Excel macro viruses also run on the Mac versions of these 
programs.  There are literally thousands of these.  You can keep them 
from running by enabling "Macro Virus Protection" in the preferences of 
each of these programs.  However, some folks might prefer to have an 
anti-virus program that can strip out the malicious macro and leave the 
document intact, rather than only having the option of not opening the 
document and trashing it.

There is spyware for the Macintosh, but it can't be installed via e-mail 
or a Web site.  Installing it requires physical access to the Macintosh, 
and the user's passwords.

Note that clamXav, a free and open source anti-virus program for OS X, 
doesn't protect you from any of the above, with the possible exception of 
the Word and Excel macro viruses, and even then it can't do anything 
better than the built-in ability of those programs to keep such macros 
from running.  I bring this up because many Mac-users mistakenly believe 
that clamXav is a good free alternative to commercial anti-virus program. 
 It's not.  It can only detect Windows viruses, which don't run on a 
Macintosh, and which are easy to spot and just trash on the Mac.



Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

More information about the X-Newbies mailing list