Mac OS X Security Part Three: Virus Scanners

Last week we discussed firewalls for Mac OS X. Just when I thought this week's security article on OS X virus scanners would be a slam-dunk for Norton AntiVirus for Mac OS X, Apple's Mac OS X Product News for this week announces Virex for Mac OS X from McAfee. It also announced another firewall product for OS X called Firewalk X.

Virex has legal fine print that possibly excludes me from even telling you that I did or did not get it to work on my own machine. Frankly that makes me suspicious already. So perhaps all I can say is, take a look for yourself. If you're feeling lucky, then go for the download. That makes writing this article a cinch, except that it could also be rather short. In my university days of solving intractable equations we used to call this kind of thing the trivial solution.

Speaking of legal fine print, Apple 'News starts out with an intro that could have been quoted from my own article on firewalls. Naturally I can't quote it for you here because of Apple's own legal stuff, but it has something to do with bad guys, cable and DSL connections to the internet, and Mac OS X. You put it together! Or else read my article, which came out first.

Virex from McAfee downloads and unpacks nicely into a single OS X bundle, which is actually an installer. Very nice, and characteristic of a true OS X application. Norton updaters for OS X, a pair of OS X product updates for current owners only, unpack to VISE updaters. That's reasonable too. So far it's a tie! In the event I can't say more, I will venture to guess that you won't be either disappointed or surprised with either of these products, knowing other versions of them.

Let's go for it. Norton AntiVirus for OS X installs painlessly in less than a minute! All I do is take the defaults, and it's installed properly into the Applications folder without any suggestion from me. Norton Personal Firewall for OS X, available at the same time, doesn't fare so well. At the point where VISE tries to create the folder, I get a message that read, "Error creating folder. 1008:9,-5000 Access denied error." Uh, sure thing. Well, one out of two isn't bad, and I'm happily running BrickHouse anyway. Besides, this article is about antivirus software, not firewalls.

Norton AntiVirus looks like its OS 9 counterpart, and runs even better. LiveUpdate works beautifully. What more could I ask for? I have been a Norton fan and owner for years, and all the evidence in front of me says I'm not about to change that. My first NAV for Mac purchase was approximately version four. It ran okay, but frankly bogged down my poor G3 with 128 MB of RAM and running Mac OS 8.5 at the time. The next version got a kick in the pants, and from then on I was barely aware of it running in the background. It looks like Norton just keeps getting better and better.

The Windows versions of both Norton AntiVirus and McAfee VirusScan have options to quarantine viruses automatically, yet the defaults are to query the user for a course of action! Unbelievable! In my workplace we have a virtual site-wide licensing deal for antivirus software. Imagine the collective time wasted setting each and every workstation's several antivirus options to Quarantine Automatically. You don't want users to take a chance that it was a false alarm. Just quarantine the thing and deal with it offline. In NAV for OS X there is only one radio-box option: to repair infected files automatically (default) or manually. That's how it should be. From a user's point-of-view, it should be dead simple. So here's yet another reason to buy a Mac with OS X on it.

This first version of NAV for OS X doesn't run automatically in the background. That means, for now, you're on your own when you double-click that email attachment. So don't do it! Scan everything manually before using it. Without doubt NAV will be 110% functional within OS X shortly. It'll be worth the wait.

Meanwhile, though I have played with McAfee's Virex, I still have a problem with their legalese. If you care to try the program out for yourself, then go for it. Otherwise, stay with the company that knows Macs.

Peter Norton must be a fascinating character. For a guy who started out defragmenting hard drives, a task that still seems to defy simplicity, he has an amazing breadth of interest. I happened across an interesting book co-authored by him today at Chapters. It's entitled Network Security Fundamentals, and covers security considerations in just about every popular operating system. I leafed through it and randomly read a bit about Mac file sharing hazards, and another bit about Windows NT & 2000 security holes. Norton's take on the latter is interesting. He says, when you find a hole in Windows, you have two options. One, you can write Microsoft and hope they fix it. Two, you can write everybody else to warn them. Until I read that bit, I didn't fully appreciate the open source initiatives underway in so many quarters today. When you have open source, you have interested and talented people on it who are free to talk with each other and can spot and patch security holes. It's a collaborative deal. You might be surprised to learn that Apple has made the Darwin core of Mac OS X just such a project.

Virus scanning for Mac OS X could turn out to be a somewhat more complicated affair than it was under Mac OS 9 and prior, if only because the opportunities are tripled. Conceivably, you could be hit by both Classic Mac viruses and unix viruses, in addition to any that might be written specifically for Mac OS X. Undoubtedly you'll see Windows viruses as attachments, and although these won't hurt your Mac, they'll hurt your friends if you forward one to them. So that makes a total of four categories. Whatever virus scanner you choose, you can bet it will be busy. When it comes to email viruses, good email practice is your best defense. That will be the thrust of next week's article. Ciao.

Contact the author