Sophos: malware on the Mac is real, here's a free antivirus

By on November 2, 2010, 2:17 PM
Sophos has released a free antivirus product for consumers using Mac OS: Sophos Anti-Virus Home Edition for Mac. Although commercial antivirus products for Macs have been available for some time, Sophos' offer is one of the very few free ones.

The Internet security firm took its existing enterprise antivirus software and slimmed it down to reduce complexity. Interestingly, the company has no plans to release an equivalent free version for Windows. Windows threats are in the millions while the number of strains of Mac malware is in the thousands.

Sophos says past threats to Mac users have included:

  • Websites that pose as legitimate-looking software vendor's sites, but whose downloads are really Mac malicious code.
  • Malware disguised as pirated software available for download from P2P file-sharing networks.
  • Sexy online video links that urge you to install a plug-in to view the content, but really infect your computer with a Mac Trojan horse.
  • Popular Twitter accounts, such as that belonging to former Apple evangelist Guy Kawasaki, who have tweeted out links to websites designed to infect Mac computers.
  • Windows viruses and other malware, which can come in via e-mail, the Web, or USB drive, either being passed on to Windows-using friends or colleagues, or infecting virtual installations of Windows installed on a Mac.

The UK-based firm's approach to Mac security is very interesting: the company claims all it wants to do is raise awareness. Sophos will have to run a dedicated support forum and won't even be converting users to paid-for consumer versions of its security software, which is how most security companies justify their free versions. Panda Security, which recently also released an antivirus for Mac, made a point to say Mac OS is less secure than Windows and then offered its solution for $50.





User Comments: 34

Got something to say? Post a comment
silvershad0w said:

in my experience, mac is pretty darn secure. some of our clients have quite a few macs used in their business process and i've not seen any of them come in with malware. panda security's claims that macos is less secure than windows is absurd. you can simply argue that there are more windows threats in comparison to mac due to windows' much greater market share and this does some hold truth. however, the architecture of mac makes it it more secure and stays that way without the need for constant, bloated updates.

poundsmack said:

OSX is less secure than Windows 7 (I am being specific here for a reason). It's just that OSX has far less interest as being a target for hackers/virus writers/script kiddies/ etc... most security experts and hackers will tell you that if they have experience with both systems.

That being said, I have never liked Sophos's products on windows or mac. They just don't compare favorably when put side by side with their competitors. BitDefender or Dr. Web are much better pieces of software for OSX.

taea00 said:

I don't agree that Mac is as secure as they think they are. With more eyes looking you're going to find more security holes. This is one of the reasons Windows appears more insecure. It could be because they have less secure programming practices, but they also have a far greater number of people looking for those security holes.

Every system is going to have security holes, especially with our society today of wanting more productive and useful software. it's an eb and flow with the devs creating new software and then going back and making sure it's secure.

Security issues are always going to be a way of life.

gwailo247, TechSpot Chancellor, said:

silvershad0w said:

in my experience, mac is pretty darn secure. some of our clients have quite a few macs used in their business process and i've not seen any of them come in with malware. panda security's claims that macos is less secure than windows is absurd. you can simply argue that there are more windows threats in comparison to mac due to windows' much greater market share and this does some hold truth. however, the architecture of mac makes it it more secure and stays that way without the need for constant, bloated updates.

If you took the time to read most of the threats that the company is warning against are social engineering intrusions, not some hacker trying to get into your Mac while you sleep. So if you're a Mac user who thinks his computer is safe because of "architecture" then you're even more likely to click on the link which will infect your super safe Mac. And if you're talking of clients, and are apparently in the IT field, your belief that OSX is somehow inherently secure is really curious.

FransB said:

Good to do this, the mac is getting more interesting for virus makers. And if one good virus comes out for the Mac alot of Apple users will be too ignorant (no offence) to believe it because "Macs cannot get viruses"

The Silent Trojan Horse is the best way to infect a mac at this point because the users will not believe it i think.

a Mac hacker once said that windows is safer but you must see it like this way.

Windows is a heavily guarded house in a bad neighbourhood

and

OSX is a house in the middle of nowhere without locks.

Yosip said:

Who said there is no viruses for Mac? You dont have antivirus on them so you ******* dont know.

princeton princeton said:

gwailo247 said:

silvershad0w said:

in my experience, mac is pretty darn secure. some of our clients have quite a few macs used in their business process and i've not seen any of them come in with malware. panda security's claims that macos is less secure than windows is absurd. you can simply argue that there are more windows threats in comparison to mac due to windows' much greater market share and this does some hold truth. however, the architecture of mac makes it it more secure and stays that way without the need for constant, bloated updates.

If you took the time to read most of the threats that the company is warning against are social engineering intrusions, not some hacker trying to get into your Mac while you sleep. So if you're a Mac user who thinks his computer is safe because of "architecture" then you're even more likely to click on the link which will infect your super safe Mac. And if you're talking of clients, and are apparently in the IT field, your belief that OSX is somehow inherently secure is really curious.

Not curious. He's simply a liar

Mushroom said:

Nothing bad happens to a mac, Steve jobs told me so.

gLitCh32 said:

fransb said:

Windows is a heavily guarded house in a bad neighbourhood

and

OSX is a house in the middle of nowhere without locks.

It depends on who's using Windows, cause it's not always heavily guarded.

I don't know enough about Mac to make much of a comment, but I've got a buddy that will tell me all about how secure OSX is once I tell him about this software. One question, doesn't OSX use the same DAC methods as Linux? That's gotta count for something, right?

Jibberish18 said:

Ahhh yes, the ole OSX and Virus shabang. Free + Antivirus + OSX = Good for me. I'll try it out. currently I just use ClamX for anything although it doesn't have real time protection. Still, I browser smart enough to probably not need it. Then again with the newest Java virus that just hit OSX........I'll report on how this free Antivirus is probably tonight.

FransB said:

gLitCh32 said:

fransb said:

Windows is a heavily guarded house in a bad neighbourhood

and

OSX is a house in the middle of nowhere without locks.

It depends on who's using Windows, cause it's not always heavily guarded.

I don't know enough about Mac to make much of a comment, but I've got a buddy that will tell me all about how secure OSX is once I tell him about this software. One question, doesn't OSX use the same DAC methods as Linux? That's gotta count for something, right?

True but the security built-in in the OS is much better in Windows then in OS X (And then i dont mean UAC or something like it) Alsa and stuff. Microsoft knows more about security then OS X.

shortie said:

Ow no .... no viruses for mac's :P rofl

motrin said:

i feel like sharing this with my facebook friends who own a mac.. but then again i feel liek not sharing it, so they find out the hard way! lol..

HaMsTeYr HaMsTeYr said:

Mushroom said:

Nothing bad happens to a mac, Steve jobs told me so.

Steve jobs also said "This changes everything... Again."

I guess he was referring to the virus outbreaks that macs will have in the future.

Seriously though, nothing is secure behind the hands of a human being. We're really known to break stuff. Often. A lot of stuff.

mtrenal said:

There is certainly a bitter side of me that wants to let all the mac users keep thinking that they're super-fortress of a virus-smasher can wade through the virtual waters of hell itself before they get a virus.

To think that Macs are more secure by nature is just ignorant. To think that they are more secure by circumstance is valid, but as Mac works towards its goal of a larger and larger market share, their users (especially the ones they tend to target- the ones who dont know how to use computers) will somehow need to deal with growing popularity of viruses and threats.

archd said:

Mushroom said:

Nothing bad happens to a mac, Steve jobs told me so.

well this site think it otherwise http://www.securemac.com/

PanicX PanicX, TechSpot Ambassador, said:

You'll have to excuse my laziness here, but I commented another article about this same debate and rather than rephrase it I'll just quote it.

PanicX said:

The comments here have left me daunted.

I'm guessing there's a bit of trolling going on, but wow, just wow if there isn't.

Now, I'm not an expert in security, but I'm pretty sure the basics aren't that hard or complicated for anyone here to grasp. The pedantics of which operating system is inherently more secure are too difficult to derive, as no body knows how many undiscovered vulnerabilities remain in each OS or how many will be created in the future.

If a particular OS has patched 400 vulnerabilities last year and another only patches 50 vulnerabilities, would you say the one with 50 patches is more secure? How could you know if that OS only has 50 vulnerabilities as opposed to 50,000?

Saying that my OS is better because you don't run as admin or my UAC prevents vulnerabilities or my market share is too small is naive at best. An exploit is code that uses vulnerabilities to execute code irregardless of your security design. If even 1 unpatched exploit exists for your operating system, you cannot claim your OS is secure.

The real measure of the security of an operating system is by the patch response times to vulnerabilities found and active wild exploits. The longer you're forced to remain unpatched to known vulnerabilities, the more insecure you are.

I haven't seen a vulnerability patch response time report in a few years, but the last one I came across showed ~ 4 day response time average for Linux kernel patches, ~ 45 day response time average from Microsoft, and ~ 4 month response time from Apple. (This is from memory, my apologies to fanboys if I'm off a little)

The only factor outside this that I can think of is the fact that Linux is open source and if so inclined, one could create their own patches much easier than with the other operating systems.

uttaradhaka said:

I think MAC users should seriously download and install AV in their computers, now that viruses for the MAC are being written more and more. Otherwise, the environment can get really nasty with viruses going around the MAC ecosystem without any hindrance.

kaonis92 said:

I think that the recent security companys obsession with Mac being unsecure will make many hackers develop malicious software for it...

surbey said:

I thought some time ago that Mac was secretly bundling anti-virus into their OS. Anyone heard of this?

I've always thought of Macs as more secure because their market share is considerably lower than the PC; I didn't feel they were more secure because of their OS or design. I have had to explain this to so many end users that it makes my head spin.

frodough said:

it's all about public exposure, that's how viruses work, windows being the major target of it b/c its market share (number of ppl who use it) as compared to apple's the difference between the 2 usually made apple an undesired target.

jjbeard926 said:

While Mac is MORE secure. It isn't bullet proof. There are still viruses written for it as well as Malware. I wouldn't run any computer on the internet without some form of anti-virus anti-malware product on it.

Also for corporate setups you need some form of anti-virus at the very least.

poundsmack said:

anyone tried this version of Sophos out yet? if so, please give your thoughts on it.

theruck said:

antivirus for mac is like MS invented another YES asking for the same question if you really like to install this onto your OS. really useless and pickpoketing users money for nothing

rizalp said:

I think it's better that Apple open their eyes into the threats that Mac user faced, and offer free security App, like Microsoft Security Essentials

hitech0101 said:

Malware is very real in any machine with any protection.Well there are many anti-virus out there but always at one point or other they get compromised.Main reason being we unknowingly trigger them.Hope this one protects Mac users because there aren't ways they have to clean their machines once infected, probably one of the many disadvantages of Mac.

akannitaoheed said:

frodough said:

it's all about public exposure, that's how viruses work, windows being the major target of it b/c its market share (number of ppl who use it) as compared to apple's the difference between the 2 usually made apple an undesired target.

I totally agree with this cos there is no way you go on with your system, especially when you go online that you are not exposed to threats only that fewer people use apple compared to windows based PCs, meaning that there is better and bigger market for antivirus vendors with windows based PCs. So even the progrmmers who write the viruses would go where more people are with their tracking cookies, spywares and stealers etc to earn more "LOOTS". In the end people will see more of threats where more users are (windows based PCs).

Jibberish18 said:

Well, I scanned my entire OSX Partition with Administrative privileges and it found this:

'Mal/JavaKC-G'

Not sure what it is yet. Is this the infamous Exploit everyone was talking about in Java?

xcelofjkl said:

I hope that apple gets seriously infiltrated by these viruses, so as to open their eyes in the reality of security vulnerabilities.

Guest said:

Yes, as of OS X 10.6, the Mac OS has had hidden malware protection built-in:

http://www.macworld.com/article/142457/2009/08/snowleopard_m
lware.html

It has since been quietly updated to recognize more threats.

http://antispamaward.com/pressoffice/news/articles/2010/06/m
c-malware-update.html

There are no actual "viruses" (malware that can self-replicate) in the wild for OS X. There have been attempts at viruses, but they didn't function properly and the Mac OS has since been updated to be resistant to these potential threats. There are a few very rare Trojan Horses, some of which also don't work as intended.

Here is an excellent up to date Web site on the topic of Macintosh malware that folks might find illuminating:?

http://www.reedcorner.net/thomas/guides/macvirus/??

...and an associated Macintosh Malware Catalog?http://www.reedcorner.net/thomas/guides/macvirus/mal
are_catalog.shtml

OS X has been out now for about a decade. For all that time Windows apologists have been saying that there will be lots of viruses for OS X "any time now." After years went by, and that turned out not to be the case, Windows apologists then started saying that the Mac wasn't a big enough target to attract malware authors.

The thing is, apple sells about 15 million Macs a year, and there are about 90 million Macs in use by Apple's estimates. That doesn't sound like an insignificant number to me.

If Macs only have, for the sake of argument, 10% of the market, why isn't it that they don't have 10% of the millions of viruses that Windows does?

http://vil.nai.com/vil/default.aspx

Why not 1%, or even half of one percent? Why do Macs have zero percent of the viruses? It seems to me that it has to be because Macs are far more secure than Windows.

See:

Is Windows inherently more vulnerable to malware attacks than OS X?

http://weblog.infoworld.com/enterprisemac/archives/2006/08/i
_windows_inhe.html

Guest said:

Most Mac users just don't get it. They refuse to admit they can get viruses. Check out this little flame war.. http://bit.ly/aAVFPm

Guest said:

That's a funny little flame war going on there. I think I have to comment. That Martin guy is a *****! GO DAVE!!!!

http://bit.ly/aAVFPm

Guest said:

Funny little flame war there. It's the same old argument tho but it's still entertaining. The mac dummies there just won't listen and don't provide any facts. At least Dave is bringing up facts and backing them up. I'm on TEAM DAVE ! ! !

http://bit.ly/aAVFPm

zxzasa said:

as for me, for mac i prefer to use http://www.protemac.com/netmine/ firewall

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.