You have seen the ads on TV, read countless comments online, and perhaps even posted a few of them yourself. The Macintosh has no need for anti-Virus software. So it is quite humorous and a touch ironic to see Apple apparently reversing the marketing machine and encouraging anti-Virus protection.
Let this sink in for a second.
Apple, the company that uses its marketing department to push the notion that Macs are immune to pretty much every system flaw found on the planet, honestly said in a recent Tech Note that:
“Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”
So not only is Apple recommending the use of anti-Virus software, but it's also encouraging the use of layered security for the Mac. The problem with the layers mentioned in the Tech Note is that the anti-Virus applications listed will never work well together on a Windows-based PC, let alone on an Apple Mac.
So unless there is something different in the code for Norton Anti-Virus 11 for Mac, McAfee Virus Scan for Mac, and Intego VirusBarrier X5, using all three of these or more than one for a layered defense, is strange advice indeed.
There are two other applications not mentioned by Apple in the Tech Note: ClamAV for OS X (free and works well) and MacScan ($29.99 USD) from SecureMAC.
It is a long held and hardcore stance that, for most Mac users, security applications are generally optional.
Rich Mogull, of Securosis fame and long-time Mac security expert, still maintains that common sense will prevail for most Mac users, and that anti-Virus offerings on a Mac are always needed in a corporate environment where compliance is required.
In an article published earlier this year, Mogull suggested that anti-Virus would be needed if requiring a Mac for risky usage.
“I do not recommend desktop antivirus software for the average Mac user, but you need to take other precautions... make sure you use email accounts that support spam and virus filtering, such as Gmail, Yahoo Mail, or Hotmail,” wrote Mogull.
“Spam is one of the major vectors for malicious code propagation, and gateway protection will reduce your risk should an email-driven Mac virus appear,” he added. “Consider switching to the Firefox Web browser with the NoScript plug-in. NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits.”
The Tech Note was published by Apple with little-to-no public notice, but it is still nice to see that the company is taking security seriously and debunking the rumor that the Macintosh is simply immune from virus-related problems.
Yet, one has to wonder if the new “I’m a Mac” commercials will mention this, or if Microsoft will jump on this and spin it.
While there is clear irony in reading the recommendation that AV software is indeed useful and encouraged, any spin placed on this that leads to “Ha! I told you,” or blind panic would take away from the sensibility that using layered security on a system (PC or Mac) is just plain smart.
Sure, the total amount of Malware that targets a Mac is small when compared to the Malware that targets a PC -- no one in their right mind can argue otherwise. Yet, if you account for third-party applications such as Adobe Reader, QuickTime, and others, the playing field evens out somewhat.
Also, if you account for user error, then the field is leveled even more. Just like on a PC, the security on a Macintosh is no match for a user who simply installs things at will and never updates a single bit of code.
So take Apple's advice and use some AV software, and read Mogull’s tips in the linked article above. Just because the Mac is relatively safe now, does not guarantee it will stay that way forever.