[ale] AV software? Slightly OT

James Sumners james.sumners at gmail.com
Thu May 19 08:50:30 EDT 2011


First, Little Snitch is not virus protection software and will not
prevent a virus infection. After you are infected, Little Snitch will
tell you about the virus phoning home, but that's it.

Second, it's true that it is possible to get a virus without having to
install it. However, those viruses are going to be limited to the
user's files (which can be devastating enough). The one currently in
the news, MAC Defender, is like almost all of the others that make the
news, though. This virus relies on the user entering their
administrator password to allow the virus to install itself into
system directories. So it still comes down to the user making a
mistake and blindly trusting everything that happens on their system.
I tell those who ask me, "if you didn't explicitly download it
yourself, from a site you trust, then _don't_ enter your password."

I'm with Richard. I _hate_ software that wants to use the installer.
If it's something that needs a kernel extension (like a USB->serial
adapter driver) then it's okay. But I always press cmd+i before
clicking the "Next" button. That way I can look at every single file
the installer is going to add to my system and the location at which
it wants to add them.

As to the original question, I have no answer. I'm one of the ones who
doesn't use AV software. But I have been wondering more and more if I
should start.

On Wed, May 18, 2011 at 10:07 PM, David Tomaschik
<david at systemoverlord.com> wrote:
> On Wed, May 18, 2011 at 9:46 PM, Richard Bronosky <Richard at bronosky.com> wrote:
>> +1 for Little Snitch. I still do not believe in virus software for a
>> Mac. Just don't install ill-gotten software and you are fine. I also
>> tend to avoid using any software that uses an "installer" unless I
>> have done my research on it. If you use an installer, you probably are
>> a Windows developer and suck at writing software anyway. No thank you.
>> It makes sense that something like Little Snitch would need an admin
>> password to install. But most everything else ought to be unzip and
>> use.
>>
>> Just say no to virus protection software. It's usually more of a
>> performance penalty than the virus you would never get anyway.
>
> If only there were no ways other than installing "ill-gotten software"
> that your system could be exploited.  But obviously, that's not the
> case:
> * http://www.macobserver.com/tmo/article/the_java_exploit_how_dangerous_is_it/
> * http://www.computerworld.com/s/article/9133350/Angered_by_Apple_delay_hacker_posts_Mac_Java_attack_code?taxonomyId=1&intsrc=kc_top&taxonomyName=knowledge_center
> * http://www.theregister.co.uk/2011/05/03/mac_osx_crimeware_kit/
>
> I still don't run AV on Mac, but everyone should at least be aware
> that there are other ways to be compromised.  Cross-platform plugins
> are nice for developers, but there can be exploits that are present on
> more than one platform.  (Requiring different payloads, to be sure,
> but they are there.)
>
> --
> David Tomaschik, RHCE, LPIC-1
> System Administrator/Open Source Advocate
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59


