6

Yes, I know it's a tricky question and a bit personal, but I really don't know much about the security that is in place by default in Apple, and I don't really know how secure it is and how it would improve by installing an antivirus on my Mac.

This question is for a mid size company of ~100 employees and I am a developer, like the other 15 of us.

After an email thread in which I said I had no antivirus on my Mac (I never did in any of my previous jobs), I got an answer from my CSO that I should install an antivirus A.S.A.P. and that I should take care of this issue.

He didn't recommend any software and he didn't say that I needed to have an antivirus because of anything specific. He said just that I needed to have one.

Is there any security practice that can be done in OSX, or is there any antivirus already installed within the system? I am trying to explain to him that the antivirus is not really needed in OSX, but I don't really know many arguments other than the typical "it's a different file system than Windows" (which is the company's standard).

What do you think about this case? Would you install something? And if so, is there anything recommended?

Could you help me or him by giving more arguments as to why it's needed or not to have antivirus? Something more than just saying "We need one"?

Sorry for the personal and long question, but I didn't find a similar question on the forum that is up to date.

PS: Forgot to say the Mac is mine (had to buy it cause they don't give anything other than Windows).

  • 1
    This seems to rather be a compliance- than security-related question; if you just need to comply with the house rules and have any AV installed, why not just install for example ClamAV? It also is a different kernel, different operating system and different programs than Windows machines. Also, Mac instances are not as common, reducing the potential benefits of exploits. It's not inherently safer but it just doesn't yield as much for attackers and exploit writers. – Tobi Nary Jan 19 '18 at 12:56
  • @DanielPryden please note that even though it's true that it is somewhat similar to that question, mine is focused on using the Mac *for a company*, and that question seems to be for *personal use* – Alejandro Vales Jan 19 '18 at 20:34
  • 1
    @AlejandroVales why would the answer be different? How does it being a company affect possible answers? – schroeder Jan 19 '18 at 21:01
  • 1
    Technically speaking, macOS has a built-in antivirus software called XProtect. I don't know how great it is, I've never actually seen a warning from it or a true positive warning from any macOS antivirus. – Alexander O'Mara Jan 19 '18 at 22:08

2 Answers

1

The idea that "my OS doesn't need antivirus" is patently wrong. I saw a presentation some time ago that said that something like 90% of viruses/malware are written for Windows. That leaves around 10% for other platforms, such as Macintosh/Linux/Unix. Granted, that percentage is small relative to Windows, but the important thing to note is that it exists and that malware for those platforms exists. I'd also note that the amount of malware written for the Mac platform is growing (CIO magazine).

Malware is also written for 3rd-party plugins, such as Flash and Java. Those don't really care what OS you run.

I say this a lot: look at what happens if someone is wrong. If your CSO is wrong and AV is not needed, they've wasted the company's money. That's really all that has happened, and that's the CSO's problem. However, if you're wrong, you have malware on your Macs and no easy way to detect and control it. And when it somehow gets discovered, you're going to look foolish if not unemployed.

There are many antivirus vendors out there. For larger enterprises, McAfee seems to be a popular security suite. For 100 users, you probably don't need all the admin tools and other features that McAfee offers. You can check out Tom's Guide or other sites to look at ratings for how effective antivirus suites are.

Do a quick Google search on "Wannacry on Mac" and you wind up with a lot of results. I'd suggest reading the Intego and CIO articles, both of which support my main point - that Macs need protection.

I'm not an expert on securing Macintosh, so I'll leave that to folks who know more than I do about that particular subject.

Edit: Within an hour of posting this, a new thread on malware for Mac has appeared on this forum, which only further supports my point.

baldPrussian
  • Do you think that iOS needs an antivirus? What about ChromeOS? In a sufficiently secure enough OS, no untrusted software of any kind should ever execute, so no separate antivirus component should be necessary. And in fact, allowing one program to inspect other programs actually *creates* a virus risk -- if an AV program can get that kind of access, what else can? – Daniel Pryden Jan 19 '18 at 17:52
  • iOS - absolutely. https://www.sophos.com/en-us/security-news-trends/security-trends/malware-goes-mobile.aspx Chrome OS? Yes. There is at this point no sufficiently secure OS that makes me say "no further malware protection is needed". You can harden an OS to make malware less likely to be effective, but relying on your own skills pits you against the rest of the internet. I don't like those odds. – baldPrussian Jan 19 '18 at 18:10
  • 1
    You are conflating "malware protection" with "anti-virus software". Those are *very* different things. An air-gapped computer can be completely protected from malware without any anti-virus software. I am far from convinced that, in 2018, anti-virus software is an effective malware protection mechanism. – Daniel Pryden Jan 19 '18 at 19:01
  • 1
    taviso@google is quite convinced that anti virus software often increases the attack surface dramatically. I agree with him. Installing bad software and not applying patches are the primary reasons most people are compromised. If you are skilled enough to do these two things well, you should not use an anti-virus for any OS. – returneax Jan 19 '18 at 22:41
  • @returneax And you trust your users to not do bad things? – baldPrussian Jan 19 '18 at 23:03
  • I trust myself not to. My point is that it's not always necessary and sometimes it decreases security instead of increasing it, in the case of power users, for instance @baldPrussian – returneax Jan 19 '18 at 23:46
0

I am trying to explain to him that the antivirus is not really needed in OSX, but I don't really know many arguments more than the typical it's a different file system than Windows.

There is one simple reason for that: there are no (other) arguments. macOS has some built-in security features. If you read the article, none of the features listed have the same functionality as a frequently updated(!) antivirus software.

Installing an AV from a trusted vendor typically has pretty much no downside and a lot of upsides, e.g. protecting your data, your source code, and access to your machine (pretty cool stuff, eh?). Some of these downsides were mentioned in the comments, IMO these are either fringe cases (Meltdown patch), or not applicable for an everyday user.

If the source code you are developing is extremely valuable, you should ask your CSO for guidance or a software recommendation. This is his job, not yours. In any case there should be a company-wide standard for antivirus software, in particular if your threat model includes targeted attacks.

This is not the right place for product recommendations, though. You can head to the Software Recommendation SE or fire up your favorite search engine. I personally would also advise you to start using a host-based application firewall besides the built-in one, if you don't do that already.

Tom K.
  • Nice point about the firewall. – baldPrussian Jan 19 '18 at 14:23
  • 2
    I'm not sure I agree that "Installing an AV from a trusted vendor has pretty much no downside". Several "trusted" AV vendors have had serious security vulnerabilities in the past. Some AV software actively *defeats* security protections from the OS. (Off the top of my head: disabling ASLR; bypassing kernel memory protection and thus crashing when Meltdown patches are installed; inserting a local CA to allow unlimited MitM SSL interception; I'm sure there are others.) The question is whether the protections outweigh the risks, and I think that's a very legitimate question to ask. – Daniel Pryden Jan 19 '18 at 17:48
  • @DanielPryden You are right, my wording was not exact. Edited my answer. – Tom K. Jan 19 '18 at 20:57
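
The built-in macOS protections this thread refers to (including the built-in firewall) can be checked from Terminal. The script below is an added example, not part of any post above; it assumes the stock `spctl`, `csrutil`, `fdesetup` and `socketfilterfw` tools and their usual status strings, and `classify`, `check` and `audit` are hypothetical helper names. It does not inspect XProtect.

```shell
#!/bin/sh
# Added example: report whether macOS built-in protections are switched on.
# The status strings matched below are the ones the stock tools normally
# print; treat them as assumptions and adjust if your macOS release differs.

# classify OUTPUT ENABLED_SUBSTRING -> prints on | off | unknown
classify() {
    case "$1" in
        *"$2"*) echo on ;;        # tool reported the "enabled" wording
        "")     echo unknown ;;   # tool missing or printed nothing
        *)      echo off ;;       # tool answered, but not with "enabled"
    esac
}

# check LABEL ENABLED_SUBSTRING COMMAND [ARGS...]
check() {
    label=$1; want=$2; shift 2
    out=""
    if command -v "$1" >/dev/null 2>&1; then
        # Some of these tools exit non-zero when the feature is off.
        out=$("$@" 2>/dev/null) || true
    fi
    printf '%-30s %s\n' "$label" "$(classify "$out" "$want")"
}

audit() {
    # Gatekeeper: blocks unsigned / un-notarized downloads by default.
    check "Gatekeeper" "assessments enabled" spctl --status
    # SIP: protects system files even from root.
    check "System Integrity Protection" "status: enabled" csrutil status
    # Built-in application firewall (off by default on many installs).
    check "Application firewall" "Firewall is enabled" \
        /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
    # Full-disk encryption, relevant for a laptop holding source code.
    check "FileVault" "FileVault is On" fdesetup status
}

audit
```

Any line reporting `off` or `unknown` is worth resolving before the antivirus discussion, since these controls are independent of whichever AV product is chosen.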