2006 - First Apple "Get a Mac" add - "Viruses"
The very first Apple "I'm a Mac, I'm a PC" ad aired way back in 2006 was the famous and very funny one titled "Viruses". A week or two a ago, the Mac community had a very interesting discussion about whether or not Mac OS X needs anti-virus protection based on what now appears to be an out of date Apple support document. Although I run a suite of Anti-Malware (anti-virus, anti-spyware, anti=pasta... wait that last one is wrong) on PCs running Windows XP or Windows Vista, I didn't run any such software on my Macs when the OS X anti-virus discussion resurfaced.
Here's what I concluded after thinking about it for a bit though. My feeling is that OS X is a relatively hardended system if it is regularly updated with security patches, an administrative password is in place, firewalls are up in when connected to public WiFi hotspots, and other general safe-tech behavior is occuring. However, there is a good reason to at least scan files on an OS X box: To protect people you know using Windows XP or Vista. This might include you if you run Microsoft Windows as a guest OS under a virtualization hypervisor like Parallels, VMware Fusion, or VirtualBox. I wasn't thrilled with the idea of buying anti-virus software for my Mac. So, I took a look to see if there is an OS X veresion of the Open Source...
And, sure enough, I found the free (but not Open Source)...
...for Mac OS X. So, I installed it on my Mac and have been running it for about a week now.
ClamXav's installation is mostly Mac-ish as you can see from the screenshot above. There is a ScanWithClamXav.plugin file that needs to be manually installed if you want ClamXav to be added to the Ctrl-MouseButton (right-click) menu. You'll find it under the "More" section if you install the plugin. It lets you scan a file or folder without launching ClamXav itself.
This is the main screen. I thought it was some kind of EULA intro screen when I first saw it. But, that giant EULA at the bottom is actually part of the initial window displayed. It would be nice if it became a roll-up window or something in a future version.
The screenshot above is the first of a four-section Preferences for ClamXav. Options like "Alert on virus detection" are turned off by default. I'm not quite sure I understand that rationale. Why install an anti-virus app it doesn't tell you when it finds something? That aside, the lesson here is to look at the preferences after installing ClamXav and setting the appropriate options.
One thing I still need to do is identify what to use in the "Do NOT scan..." entry. The first things that came to mind are the large virtual disk file created by Parallels, VMware Fusion, and VirtualBox.
You can probably guess what the second and third preference panels are about. So, the screenshot above is the fourth panel. This preferene panel lets you set what gets watched and scanned. It also lets you decide what to do with files that are thought to be infected with malware.
This final screenshot shows you the result of scanning a folder. It happens to be my Documents folder (and sub-folders). I didn't have any Windows XP malware samples to test against (I used to keep some on my Linux box to test ClamAV there but stopped doing that a few years ago). And, I have not looked at how effective ClamXav is compared to commercial products. But, my tests of earlier versions of ClamAV for Linux showed the underlying engine and database to be pretty good. Not great, but pretty good. ClamXav appears to be relatively light weight. And, if it helps protects my own Windows XP and Vista PCs as well as people I exchange documents with, then it is probably worth running on my Mac for now.
Categories
Mac
Read More Entries by Todd Ogasawara.
Become an O'Reilly Member
Visit the Digital Media Forums
Subscribe to the Digital Media Blog Feed
Subscribe to the Digital Media Newsletter
for protection my mac I prefer to use Protemac Netmine
thank you for this post.
I just know that ClamXav is the worst antivirus for mac. yesterday I was trying to install it, it caused so much problem to my computer and me, like it's not user friendly, not good Interface, no clear instruction on how to run, once installed you cannot change the destination folder, it won't let you do that, so much problems in uninstalling, when you try to drag and drop it in other folders, it just creates shortcuts. Finally I have to remove all those files related to it after 15 minutes of installing it. Its the worst program I ever faced.
Varsha
Todd,
I have used ClamXAV for a few years now. Every few / 6 months/ annually I scan for viruses; I don't run the scanner all the time. All I have ever found was some Java JAR (?) files that it thought were odd; I didn't do anything about them. Then again, I don't share lots of files, etc.
I don't remember having any odious popups when I used ClamXAV.
Do you have any experience with PC Tools' iAntiVirus, ( http://www.iantivirus.com/ ), which is free for non-commercial users and is minus tech support (for commercial users or for tech support it's $30/year).
Does anyone else out there have any experience with iAntiVirus?
Nicholas: I have not seen a single pop-up from ClamXav so far. BTW: I think you missed the point of my blog item. If you read it, you might note that I also do not think OS X itself needs anti-virus protection (yet). The point of installing anti-virus on an OS X system is, as Simdude also pointed out, to prevent harboring and forwarding an infected file to a Microsoft Windows user.
Hmmm ... "Free" is somewhat of a misnomer in ClamXav's case.
Now Clamav the commandline scanner which the product uses (and which Apple ships with Leopard server) certainly *is* free:
http://trac.macports.org/browser/trunk/dports/sysutils/clamav/Portfile
However, the so-called ClamXav, which is a Java-based frontend to it is freely distributed, but has very aggressive pop-ups, which let you know that the developer really would like some money (at least it did some time ago when I took a look at it, and I doubt anything has changed). That's his privilege, since he put the work in. But I would say that when someone makes it as clear as that that he expects payment it would be unethical not to respond to his plea.
I don't believe antivirus software is necessary on a Mac. I'm not willing to pay for something I don't need. And, for anyone with a conscience who lives by give-and-take and tries to see that both parties to a transaction/agreement are satisfied ClamXav is not _really_ free.
That leaves those who want a truly free solution with the option of installing clamav from MacPorts and using it at the command-line. Many Mac users are scared of the command-line and would probably balk at that. A more serious objection is that any software which you don't strictly need is better done without, because all unnecessary software can cause problems of its own (don't think there's no downside.)
It's different for those running a server - particularly a mailserver - of course. And users in offices who must receive and send Microsoft Office documents, which may have macro-viruses that will damage PC users, will have AV software supplied by their IT department anyway.
For the average home user, no such software is necessary. Those who install it are substituting fear for reason and logic.
Simdude: Yep, I just took care of that comment spam. Captcha only gets you so far, I guess. It stops ME quite a bit though :-). Your use case is exactly what I was thinking about. Thanks for confirming my thought. I might have saved some test viruses on a CD-R somewhere. I'll try to dig it up this weekend and test them (even though they are super-old samples) against ClamXav this weekend.
Todd,
Looks like the spammers figured out a way to post on your blog. :-(
Anyway, I have also been using ClamXav for a while now. It's hard to say how well it works because I've yet to encounter a virus. I do think it's a good idea to keep running though. My step daughters often use Limewire on a PC and scanning that machine often reveals viruses in mp3 files so if you have this on a mac, you could still be propagating viruses even if they don't affect you. The other computers in the house are macs and I keep them pretty locked down so no limewire etc. but it still never hurts to scan regularly.