All right, people, here’s the deal.
I just published my take on the whole “Apple he said/she said you do/don’t need antivirus” thing over at TidBITS. Here’s my interpretation of what happened:
- Back in 2007 some support guy posted a list of major AV products supported on the Mac.
- On November 21st, it was updated to reflect current version numbers.
- Whoever wrote it is a shitty writer, and didn’t realize how people would interpret it.
- The press found it and trumpeted it to the world.
- Apple management went, “WTF?!? We don’t tell people they should install three different AV programs all at once. Hell, we never tell them they need AV at all. Not that we’re going to tell them *not* to use it…”
- The support article was pulled and statements issued.
- Some people called it a conspiracy, because they like that sort of thing.
- Somewhere deep in the bowels of 1 Infinite Loop, there is a pike, holding a bloody head, on prominent display.
So no, most of you don’t need antivirus. You can read my article on this from back in March if you want more help deciding if you should take a look at AV on your Mac.
Alan Shimel is one of a group of people who think it’s about time Mac users paid attention to security and installed AV. I like to break that argument into two sections. First, as I’ve learned since writing for TidBITS and Macworld, the average Mac user is definitely worried about security. But (second) this doesn’t mean desktop AV is the right answer. Right now, the risk of malware infection on the Mac is so low for the average user that AV really doesn’t make sense. That can change, heck, it probably will change, but that’s the situation today. Thus I recommend most people use mail filtering and browse safely rather than installing desktop AV.
Not recommending AV isn’t Apple’s ego (and I don’t deny they have an ego), it’s a reflection of the risk to users in the current environment. Now the odds are us Mac security types will recommend AV long before Apple does, but that day definitely isn’t here yet.
Apple didn’t reverse their policies- something slipped out from the lower levels by accident, and all the hubbub is much ado about nothing.
The day will likely come when Mac users need additional malware protection, but today isn’t that day, and even then, AV may not be the answer. Read my older article on this, and keep up with the news so you’ll know when the time comes.
4 Replies to “Apple Antivirus Thing: Much Ado About Nothing”
Loner,
Yes- in the article and the TidBITS article it references I make it clear that you still need AV in enterprise environments- no argument there.
I’ve talked with multi-Mac admins and haven’t found anyone with an AV problem yet; just the occasional trojan. There aren’t many Mac trojans right now, and even unaware users encounter them VERY infrequently, thus the basis for my advice.
It’s going to change someday, and when it does I’ll try and be one of the first to spread the word.
Then again, I’m not sure signature based desktop AV will really help once it *does* happen.
Are you speaking to home consumers or enterprise Apple users?
I assume home consumers since you’d otherwise be saying enterprise Apple users can go about their day unprotected in the business? While I don’t challenge that the risks are lower on a Mac, but are they low enough to eschew it all on that gamble? At some point, Windows was treated like that once too…
It has not been my experience that you can tell Apple users to "browse safely," and they will browse any better off than normal Windows people. I know we have more than several security geeks with Macs these days, but that is not what I have found to be the norm amongst Mac users I’ve known. The only thing "protecting" them is less focus on the Mac as a target. And I just don’t necessarily accept that risk valuation at face value (e.g. it could change tomorrow) and would rather just throw an AV on the desktop and be done with it for now.
I would, however, love to hear from someone who manages and administers an enterprise filled with Macs. Every place I’ve worked only a handful of designers who make up a tiny fraction of the computer base has been on a Mac. I wonder what the experience is for a few thousand Macs under one collective roof would be?
y’know what, i’m actually not saying you are wrong, nor am i saying you’re right… i’m proposing a model for coming up with a lower bound for the risk…
you can try using infection rates too, but that depends on accurate measurement of the infection state of a statistically significant sample… since making that measurement sort of implies using anti-virus software and since anti-virus deployment is hardly ubiquitous or uniform across the mac platform, i worry that unseen bias will skew those results…
i also worry that people are looking at raw rates instead of per capita rates within the relevant population, but that’s just me not trusting measurements without knowing a lot more about them…
the chance of exposure to mac malware is at least equal to (though probably somewhat greater than) the chance of exposure to the rather popular zlob trojan for the windows platform… the reason being that the zlob gang ported their successful windows malware campaign over to the mac os x platform over a year ago and have been pushing their malware for both platforms on their download sites…
there’s a lot of talk about the risk of mac malware being low but it hasn’t seemed to be based on anything but gut feeling and the lack of a blaster-style outbreak for the platform… the above should at least put a somewhat concrete lower bound on the risk…