Is it really time to run AV on your Mac?

700,000 victims, but just one drive-by download.

No matter which way you slice the numbers, the sheer volume and variety of Windows malware makes running XP, Vista or 7 without antivirus far more risky than running any version of Mac OS X without antivirus.

If you want to pay an annual license subscription to Symantec ($60), McAfee ($70-$90), F-Secure ($50), Kaspersky ($60) or BitDefender (AU$57 for three users), you can.

Assuming the average life span of a Mac or PC is three years, that’s around $180 for software you might not want (because of cost and processing power) but may need.

The question, following the “outbreak” that supposedly busted the myth that Apple malware does not exist, is whether antivirus for Mac OSX is actually needed?

Mac users should not assume they are entirely risk free, as shown by targeted attacks against unique social groups. But does the single mass, automated malware threat called Flashback or Fakeflash really justify the case for Mac users to install antivirus?

Highly-regarded security researchers claim the emergence of that single “drive-by download”, which Windows users have faced by the hundreds if not thousands for many years new, does justify installing antivirus on Macs.

“I think the time is changing right now when it is something you have to do on a Mac,” F-Secure’s chief security researcher Mikko Hypponen told CSO Australia.

But the argument that it’s necessary for Mac users to run antivirus rests on an over-simplified debate: whether malware exists (or not) for Macs.

Forget Apple’s marketing, which implies that Macs are “virus free” because they are not Windows machines, the AV industry would like consumers to believe that the mere existence of Mac malware of the Flashback type makes running antivirus worthwhile.

In the end, users will decide whether it's worth the price based, and they currently have a range of free or ‘freemium’ products to choose from, including Avast!, ClamAVm and Sophos – although I suspect Sophos intends to monetise its freemium product in the near future.

[Update: Sophos has confirmed it has no plans to monetise its free AV for home Mac users product, and Sophos will continue to provide this tool to users for free on an ongoing basis.]

But what ever happened to the question of calculated risk? For example, the risk of death if you choose to jay-walk when it is clear there is no oncoming traffic?

Russian antivirus firm, Kaspersky, last week outlined that there are currently just 300 ‘malware’ threats (adware, spyware, virus, trojans, included) for Macs. As stated above, it’s still quite minuscule compared with Windows systems.

Join the CSO newsletter!

Error: Please check your email address.

More about AppleAvastBitDefenderF-SecureKasperskyKasperskyMacsMcAfee AustraliaSophosSymantec

Show Comments