
Macs don't need an antivirus?

Discussion in 'The Alternative OS' started by 19ran69, Feb 22, 2011.

  1. Leeky TechSpot Moderator Posts: 4,344   +59

    Sounds more like a failed battery, or faulty charging lead tbh.

    I'm also assuming her other laptop was Windows based. I very much doubt the Mac had any virus infection. It might have had viruses on it, but they wouldn't have been infecting anything.
  2. g4mer TechSpot Enthusiast Posts: 340

    I think that viruses don't do such things as destroy batteries.
  3. SNGX1275 TS Special Forces Posts: 11,893   +117

    Well, to be fair Xclusiveitalian did post a link indicating that the batteries in Apple laptops ship with a default password. And if you know that and can reverse engineer the battery firmware you could trick the battery into doing bad things, potentially including heating up enough to catch fire.

    But I've yet to see a story really detailing the deployment of this.. exploit? As with a lot of these "terrible" vulnerabilities in OS X or Apple devices, you need physical access to the machine. That might be the case in this one too. Like I said, the real details on this are sketchy in news reports. I think he demoed it live at a conference a day or 2 ago, but I haven't read anything on it...
  4. learninmypc TechSpot Guru Posts: 3,026   +100

    I haven't read every single post in here, but no matter the OS, it'll eventually need protection. I too have pondered why apple's logo has a bite taken out of it. Perhaps a bug ate it :haha:.
    Anyhow, I'm in the better safe than sorry category. :grinthumb
  5. ChinoNYC Newcomer, in training Posts: 102

    Oh man, how did I know that the bitten Apple joke was going to come back and bite us??
  6. To be honest that's a weak argument that makes no sense... a "non savvy" sharing an "infected" file with a "savvy" user?

    That one has already been wheeled out a few times - it's not a virus...

    It's actually a poor article from an ill-informed viewpoint which repeats a lot of the same old nonsense.

    Yes, there is no doubt that as Apple gets more popular more viruses will be written and more exploits will appear and thus be found and exploited - but it's worth noting that viruses don't require the presence of exploits to be effective. Most viruses depend on a silly user to "double click" and that's it. Once again if the user executes the virus code while logged in as a user, the code will only inherit the user permissions - it won't be able to harm the system beyond what the user does or install any system servers/init scripts. This is one of the many reasons why *nix is not a very attractive market for the virus programmers...

    The danger here is to lump "security" and viruses into one category - which has certainly been the case throughout this thread. You could indeed have the most secure system in the world, but if I send you a shell script, or "batch file" as you may call it, and tell you to log in as root and run it without inspecting its contents, you are taking a huge leap of faith by anyone's standards. If you tried to run it without being root, you would simply get a permissions error - at the worst it might rm -rf your user's /home directory but that's it.

    On the whole though I'm not sure you'd want to run a resource hungry piece of bloatware that scans every file operation, download and code execution just to prevent you from doing something stupid to your own system...?

    The number of users, i.e. the market share, is irrelevant to security... your windows pc for example is not really a target for hackers - whereas e.g. a small datacenter running 20 or so freeBSD servers for an online retail site might be.

    To cut a long story short - *nix is already out there, it's exposed and it's penetration tested regularly. In the case of open source platforms such as Linux and BSD *nix, which are built from the ground up with security in mind, their code is available to everyone so they cannot rely on the *****ic "obfuscation" idea mentioned in the article. Software obfuscation is in fact used by apple to protect their proprietary formats and protocols - it's not used for "security" reasons.

    Windows was never built with security at its heart or as its main function - Windows is insecure because Microsoft have made it so - it also serves to keep the massive anti-virus / technical support eco system built around MS products humming along nicely.

    As a Linux user I have no need - but of the anti-virus programs I could install, most would just be wasting valuable resources scanning files for windows viruses... which I don't really care about as my machine is a desktop, not a mail/file/web server. Also seeing as I only use the official repositories to build software or build from source, I wouldn't have any files to scan...

    I would say that before people assume that all OS need windows style anti-malware protection - they should think again and actually try using a non windows OS as their main OS for several months before making such sweeping statements.
     
  7. superty12 TechSpot Enthusiast Posts: 432

    The danger here is to lump "security" and viruses into one category - which has certainly been the case throughout this thread. You could indeed have the most secure system in the world, but if I send you a shell script, or "batch file" as you may call it, and tell you to log in as root and run it without inspecting its contents, you are taking a huge leap of faith by anyone's standards. If you tried to run it without being root, you would simply get a permissions error - at the worst it might rm -rf your user's /home directory but that's it. Sound familiar?

    How Root-Proof is a linux distro? Could a newbie who heard it was virus-proof go and be in root all the time and go infect his system? Possibly learn Linux programming? Share his must be in root program with the world? Say he was your best friend. Surely you will hear about it. Now refer to your statement above.
  8. Zen TechSpot Paladin Posts: 938   +40

    I don't have a lot of technical information to add to this debate, but I do have emotionally based information that I can add.

    First off since the year 1995 I had been a Microsoft Windows user, right up until about 4-5 months ago. And through all those years of the Windows 95's, 98's, the M.E.'s, the 2000 pro's, the XP's and lastly the Vista's, I have had some dealing with viruses hitting my old machines and sometimes messing up the works. Yes, I know, anti-virus software would have handled those issues, well I was running that software, McAfee, Norton, Symantec, AVG, and so forth, they all got their fair share of time on my systems, and still once in a while I would get nailed with something.

    Now I'm not going to get too political here as to why that up until 4-5 months ago I dropped everything to do with Microsoft, other than to say I was tired of being controlled by a monopoly, or it's our way or the highway mentality. Now I made a real good switch, I made the choice a while back to run with Linux Ubuntu 10.10 (Desktop Version) (64bit). I know every computer in the world is susceptible to something, no system is iron tight. But do you know the kind of liberating feeling that comes when one almost 99.99% of the time doesn't have to worry about viruses. Do you know the peace of mind that comes with knowing you're running with an operating system that from the get go was built with security as its premise. Do you know the comfort in knowing that each and every time you want to fire up a computer it will be exactly as you left it, no viruses that can take advantage of people's boot ups or re-boots, no nothing, just rock solid systems.

    Just to satisfy my own self created paranoia, I went ahead and installed ClamAV and Firestarter for Linux based systems. I've been told that I will never need those things, but the old Microsoft Windows part of me just couldn't live without the stuff, peace of mind generated by things installed on my computers that I will never use, go figure.
  9. No, because my example is purely a hypothetical one and referred to the "savvy" user giving the malicious code to the "non savvy" user - not the other way around.

    If you're asking those questions, then perhaps you shouldn't have been making those previous statements/assumptions? If you have so little experience of *nix systems, as is clearly the case, then might I suggest you enlighten yourself at some point in the near future? And I don't mean going off and reading a lot of articles like the ones you linked to - I mean actually install it and use it?
  10. Archean TechSpot Paladin Posts: 5,735   +27

    Mostly true, but in last 19* years I have never ever had any virus + malware type of issue, and except for few short visits to have a peek at RedHat / Canonical etc. I haven't bothered with Linux, mostly because in the past getting the right drivers for your hardware can be RPITA.

    By the way, I always kept just one AV in case I need it, and rest of it was just plain common sense. In this time period I've used Win 3.0/3.1, NT 3.x, NT 4.x, Win 95/98, briefly tried WinMe but never liked it, Win2k, Win XP x86/x64, Win Vista x86/x64, and Win7 x64.

    I agree with caraval's observation that Windows wasn't designed with the security in mind, earlier on, but situation improved considerably since Vista. IMO 99+% infections happen because of the stupidity of the users (at least that is my experience from my IT days).

    * I never have had any of my personal computers infected by anything, and only once my work computer was infected, because a CAD Draftsman was stupid enough to bring some infected floppy and use it on my PC. I promptly got him transferred and never allowed him to use any of the PCs in IT department ;)
  11. SNGX1275 TS Special Forces Posts: 11,893   +117

    Vista and 7 really improved security. Now, what happens is people jump all over OS X when there is some bullshit like MacDefender which completely relies on the stupidity of the user. No matter what OS you can't defend against people OK'ing everything they come across.
  12. Archean TechSpot Paladin Posts: 5,735   +27

    Absolutely true SNGX, and to make it more clear 'every OS is as much secured/protected as the user wants it to be', period.
  13. Complete waste of effort and resources.

    Firestarter is simply a front end for configuring iptables, it's not a firewall... If you're connected to the internet by a NAT router you don't really need it for normal desktop use. If your 'buntu box were a router or directly connected to the internet via e.g. a dsl modem, you might need it (or just iptables).

    ClamAV is aimed at mail servers - it's not really intended for the "classical" windows style desktop use.

    Again it's your choice if you want these things installed - I'm merely pointing out that it's unnecessary and challenging the blinkered "every OS needs protection" nonsense that has been posted and reposted here.
  14. Archean TechSpot Paladin Posts: 5,735   +27

    What about kernel level exploits? Surely no matter how securely Linux may have been configured, if someone finds a hole in it (anyone remember NULL pointer dereference bug found in Linux few years ago?), they can do pretty much whatever they want.

    Add to this the possibility of some bugs in the hardware virtualization technology, which can be abused to create say a stealthy hypervisor (or a BluePill) and move, on the fly, the running OS into a virtual machine, controlled by this stealthy hypervisor, in such case Linux or no Linux, it wouldn’t matter at all.

    For example, if there is a system integrity scanner, monitoring all of kernel code, data structures, and function points to see if any of them have been hooked/or compromised. Even this scanner will be unable to detect any such BluePill like malware, because, unlike all previous kernel-mode rootkits, BluePill doesn’t hook anything in the kernel code or data. It just sits above the kernel and doesn’t need to modify it in any way.

    To top all this, BluePill has a one-of-a-kind feature, i.e. its support for nested virtualization, e.g. one can load BluePill, and then, in that virtual machine created by BluePill, start a normal hypervisor (e.g. Virtual PC, making use of VT-x/AMD-v), then you can even load several instances of BluePills inside each other. It is interesting to see something like this having the nested virtualization support. :)

    I think Security by Isolation approach (despite being the most difficult one to implement) seems to be very interesting in increasing the overall security/exploit prevention of OS. Hence, Qubes OS may probably be the most secured OS whenever they eventually launch it, specifically because of its Security by Isolation approach. It is based on Xen, X Window System, and Linux, and it looks to be promising prospect for my next venture into the alternative OS world.

    Note: I am debating to enhance my understanding on the topic, not to indulge in pointless debate whether windows is more secured, or linux is better *******.
  15. superty12 TechSpot Enthusiast Posts: 432

    You are right, and I do plan to use it in the near future.
  16. An anti-virus software is not going to help much in the case of a kernel level exploit - patching and rebuilding the kernel will certainly help...

    //edit:
    If you need any advice on a distro there's always this forum - there's also linuxquestions.org and linuxforums.org. Contrary to popular belief, buntu and mint are not always the best choice for noobs, but debian package management (which both use) is one of the best and easiest to deal with.
  17. Archean TechSpot Paladin Posts: 5,735   +27

    Exactly, not something you'd expect a normal user to be able to do.

    In fact I will take it a little further, as far as I understand AVs run at Ring 0, so do the rootkits (and the likes), so there isn't any clear winner, in fact it is more like a draw. Though IMO malware usually wins in the short-term, which is horrible anyway, as for malware, it just needs to survive a few weeks (or days) to do its job.

    Edit:
    Oops sorry I forgot to link you guys to Qubes.
  18. superty12 TechSpot Enthusiast Posts: 432

    Did you forget to include a link there?
  19. I mean this forum: http://www.techspot.com/vb/menu16.html

    //edit: There are of course others - but they tend to be distro specific and will of course tend to advise you to use their distro...

    It's actually not the most complex thing ever... but it's usually unnecessary for the fabled "average user" as distro maintainers patch their kernels - backporting bug fixes from the mainline kernel.