OS X – malware, viruses and all that stuff

Recently, I have purchased Virus Barer x6 as a part of StackSocial bundle – if I remember correctly. And this was the spark for the quite time consuming research related to viruses, malware and all that stuff in the OS X environment.

The point is, that architecture of the OS X is generally safe. You know, all that Sandboxing, running apps as user, making sure that nothing can happen under the hood without your knowledge. But the fact is that running apps as root is not that hard to do. You simply ask user for the password, and I am sure they will give it to you (take a look at all these anti virus apps, they all ask you for the password during installation). The fact is, that these apps add various daemons, kernel extensions, etc. to your system. Of course, this is OK, because you know what you are doing. However, the point is that viruses, malware and all that nasty stuff can make the same thing. Apps can simple ask you for the root password, and I am pretty sure, you will give it gently. So, basically, it is safe to assume that viruses, backdoors and various malware is possible in OS X.

On the other hand, protecting your precious is not that simple. I have tested four different packages for the security purposes. These were: Virus Barer x6 (commercial and paid), Avast! (commercial but free), Sophos (commercial but free), ClamAV (open source and free). Of course you have dozen of AV applications but I had neither time nor will to test all of them. The picks above were simple. I had either licence already, or these were free software.

So, what are my feelings here? I am pretty sure that you can say bye-bye to all live scanners that instantly check you machine in order to catch all the evil things from the internet. The fact is that gain is not worth the loss. My experience were as follows.

– system startup got much longer
– everything got slower
– e-mail and web browsing experience turned out to be a nightmare (in worst case I was not able to do anything after booting for almost 5 minutes).

All the commercial products were simply busy occupying my CPU almost all the time. This was not acceptable. The last choice was ClamAV. This open source engine is probably the worst case in terms of user interface experience but it has few advantages.

– it is free
– you can run it in your spare time (e.g. during night) and you don’t loose your CPU power during day to day work

You will probably ask whether something like this can be worth your trust. Well, it depends where you put your trust in. If the UNIX world is something worth your credit, then you will probably appreciate that ClamAV is a solution present in Linux distributions for some time already.

If you think that people at Apple know what they are doing, take a look below. This is the screen shoot from OS X Server.

OSX

As you can see, there is a ClamAV installed by default in the OS X server. It should ring a bell to you.

Now, getting back to my case. I have eventually compiled and updated my version of ClamAV and that’s my solution for the viruses so far. Let’s hope regular checking my machine will be enough. And I have to say bye, bye to all real time scanners as they simply consume too much precious time of my CPUs.