
There is a very interesting post written by @TechZen. Here's the excerpt from the original post, "Should I get an antivirus for my Mac?" (bold emphasis mine):

> There's never been an actual Mac OS X or iOS virus in the wild that infected any end user's computer. Viruses are malware that can auto replicate without human interaction. All the malware listed in the 10 years of Malware for OSX article are actually trojans. Trojans require that a human being intentionally install the malware and give it permissions to run.
>
> The Mac already comes with Apple's File Quarantine system, which has a trojan blacklist built-in that Apple maintains and updates. Since most trojans now are encrypted, I doubt a 3rd party app will do a better job than the OS.
>
> To use a 3rd party anti-malware program, you have to give that program itself the run of your system and that causes its own problems and opens its own potential security holes. The tradeoff just isn't worth it in the vast majority of cases.

So the question is, "Will 3rd party antivirus/antimalware programs compromise OSX's built-in security?"

If yes, in what way could it compromise the Mac?

Thanks!

Honey Badger
  • Given that the first paragraph is already [completely incorrect](http://www.welivesecurity.com/2014/03/21/10-years-of-mac-os-x-malware/), why would anyone bother about the third one? – Stephane Dec 29 '14 at 10:14
  • @Stephane, the link you posted actually validates that TechZen was correct. All the malware mentioned in your article required human intervention to run. – Honey Badger Dec 29 '14 at 23:45

1 Answer


Security software is not necessarily more secure than ordinary software. Less so when this software is widespread, has extended functionality and runs with maximum privileges. Antivirus (AV) fits that profile and, even more, it plays on the fears of people; that's why fake AV software is thriving.

There have been many examples of security software vendors and specifically AV products having exploitable vulnerabilities, like Sophos, Kaspersky, McAfee and Symantec.

A 2014 survey of AVs found that the software we use for protection might be used against us:

> During his SysScan talk, Koret disclosed vulnerabilities and some other security issues, like the lack of ASLR protection for some components, in antivirus products from Panda Security, Bitdefender, Kaspersky Lab, ESET, Sophos, Comodo, AVG, IKARUS Security Software, Doctor Web, MicroWorld Technologies, BKAV, Fortinet and ClamAV. However, he also claimed to have found vulnerabilities in the Avira, Avast, F-Prot and F-Secure antivirus products. Source

"The Mac" is no special case, it has malware and even malware outbreaks of sizeable proportions (600,000). A Mac AV has to have complete control in order to inspect user-mode software. No built-in protection would help you from shooting yourself in the root.

iOS is better than Mac OS because of tight controls around the ecosystem. You don't have root level access, it's as simple as that. Apple controls what software is allowed to run on your phone and tablet. The few iOS AVs have little functionality because even they are restricted.

Given this, using AV is still a tradeoff. And it also depends on what you are protecting and who is using the machine. I would not install a free Chinese AV on my company's CEO's Mac, but I would install a known brand AV on my grandmother's Mac.

Cristian Dobre