"Contrary to popular belief, the Macintosh operating system has not always been a safe haven from malicious code..."

-- Symantec Press Release

Emperor Norton (antivirus) has no clothes.

Symantec is talking about Mac OS 9 and earlier. Mac OS 9 was a completely different OS, with no significant amount of code in common with Mac OS X. Unless you've installed Classic, there's probably less OS 9 code on your computer than there is Berkeley UNIX code (let alone creaky ancient Windows for Workgroups code) in Windows XP.

Different operating system, different API, absolutely no reason to extrapolate from one to the other.

Yes, of course OS X is not attack-proof in all circumstances. No OS is. But it is so much harder to get into... because it exposes so much smaller a surface area to attacks... that there are ZERO viruses or active exploits in the wild... *


Symantec is seeing the market for Mac Antivirus software, like its hope for a market for PalmOS and Pocket PC antivirus software, dry up like the morning mist. And for the same reason. What's that reason?

The way antivirus software works, you're better off NOT HAVING ANY unless there are actual exploits to combat. It's a necessary evil on Windows, but just a plain evil anywhere else. Why? Because... like inoculations... AV software is not risk free. Installing AV software when you don't need it is just going to make your machine slightly less reliable and more likely to crash, and there's no benefit until after a REAL virus has been out for long enough that they've developed a signature to identify it, which can be days or weeks after it starts circulating. Wait for ONE useful signature, if it ever comes, THEN buy and install it.

* Update, FEB 2006: There's one poorly-distributed worm now, but it's not a vulnerability in the OS. It's a social engineering attack... you have to be convinced to unpack an archive file, then open a file in that archive by double-clicking on it.

The defense against this? Well, you could try antivirus software, but if you did you may be sorry... there are several reports that the checks in antivirus software for this virus have incorrectly identified "clean" computers as being infected. Whoops.

Better solution? Simply not being a target. Don't trust files you download from the net... if someone claims it's an image, why didn't it just open up in your browser? Be suspicious. Drag it to Preview, or right-click and select 'open with' to see what Finder thinks it is... don't just trust it to open the way you expect it to with a double-click.
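The same "see what it really is" check can be scripted. This is an added example, not part of the original post: it compares a file's leading bytes with what its name claims and flags Mach-O binaries or scripts. The function names and sample inputs are constructed for illustration.

```python
import os

# Leading magic bytes for the image types a download might claim to be.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Mach-O and universal-binary magic numbers, in both byte orders.
# Note: 0xcafebabe is shared with Java class files; either way it is not an image.
MACHO_MAGIC = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # universal (fat) binary
}


def classify(name, head):
    """Judge a file by its first bytes rather than by its name or icon.

    Returns 'executable' (Mach-O or '#!' script), 'ok' (bytes match the
    claimed image type), 'mismatch' (claims an image type but the bytes
    disagree) or 'unknown' (no image extension to compare against).
    """
    if head[:4] in MACHO_MAGIC or head[:2] == b"#!":
        return "executable"
    ext = os.path.splitext(name.lower())[1]
    expected = IMAGE_MAGIC.get(ext)
    if expected is None:
        return "unknown"
    return "ok" if head.startswith(expected) else "mismatch"


def check_file(path):
    """Read the first 16 bytes of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return classify(os.path.basename(path), fh.read(16))


if __name__ == "__main__":
    # Constructed samples: (claimed name, first bytes of the file).
    samples = [
        ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("latestpics.jpg", b"\xfe\xed\xfa\xce" + b"\x00" * 12),
        ("chart.png", b"GIF89a\x01\x00"),
    ]
    for name, head in samples:
        print(f"{name}: {classify(name, head)}")
```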

Lynx-enhanced by <peter at taronga.com> (Peter da Silva)