Thursday, November 09, 2006
Anti-Virus for Mac?

Some time ago I had a short interlude with Norton AntiVirus 8.0 on an iMac G4. The reasons are nowadays unclear to me, but in the end I was not using the scanner, and it had cost some money. And indeed, for a long time apparently there has been NO virus for Mac OS X. Now there are some, and there is always the possibility of macro viruses if you run Microsoft's Office on the Mac, which I do.

My current favorite scanners, F-Secure and NOD32, are not available on the Mac.
So I investigated the alternatives:

Symantec's Self-Serving Ravings Spread Fear, Uncertainty, Doubt about OS X Security

clamXav, http://www.clamxav.com/, is freeware, but I did not want to spend time on updating the patterns and the setup and so on. Later, this turned out to be a prejudice for which I paid my dues. But let's continue in chronological order.

Norton Antivirus from Symantec has awfully bad user comments on Intel iMacs. No, I am not wasting time on this.
Virex from McAfee, apparently only an old binary (not Intel), buy online only upwards from 3 copies for approx. 100 €. I was only planning for 2 copies, and I did not want old software for my new iMac.
Sophos Antivirus is an Intel binary ("Universal"), 30 day demo, but no Online-Shop.
Intego Virus Barrier, Universal Binary, online shop 72 €, and 30 day trial version. Let's go....

Intego Virus Barrier
installs quickly, and after the restart works unobtrusively. Just a small icon in the title bar. I like that. Net-Update does not work in demo mode. I don't like that. In fact I do not know whether the software works at all. I am doing a demand scan, it is very busy. Still nothing. So I decide to put the scanner to a test and I download the EICAR test virus. The download works like a charm, it gets unzipped automatically and yes, I may choose an application to open the file. And there it is, the test sequence in ASCII can be plainly read. If this had been a real virus for Office documents, it would party on my hard drives. Not so good, either. The on-demand scan stumbles over it and gets really excited about it. However, it would be too late. You are dismissed! I remove the software.

Onto the next: Sophos
Registered myself, got a link, downloaded the software. The .sea installer would not start. No information whatsoever about what version I was trying to install. What was I doing? Never mind, let's redo it. Start under Enterprise Software, left turn into Anti Virus, right turn into Mac OS X, yes X, and fill out the form. The website can't help but notice that the number of employees in my company is rather small for an enterprise, and suggests Small Business Edition. Don't! Calmly continue with enterprise, and a new, different link arrives. Bingo, now it installs. Same as before, very unobtrusive behavior. However, the definitions are rather old. It takes the user guide to configure the scanner and the automatic updates. With "update now" it downloads a large number of files, which takes patience.

Now again the EICAR website and click on the zip file. The download starts, Sophos kicks in by showing the message. Immediately Safari crashes with all its open windows gone, webmailer logins and such. My fingers are trembling, that was some thorough action. I think I might not check the other test files, it is good enough. Luckily I do not expect a lot of viruses. Passed that test.
Now the next challenge: Buying a license.

Addendum 1: I discovered another link, which somehow supports my view: "Mac OS X anti-virus software: More trouble than it's worth?" or in German: "Anti-Viren-Software für Mac OS X: Mehr Schaden als Nutzen?".

Addendum 2 (18. Jan 2007): License woes
Buying a license for Sophos Antivirus was a challenge I could not master. It started badly and got worse. As there is no online shop for a license, I found a distributor which carried them. Yes, plural is correct, because you have to buy three at a time. As in the meantime I have three Macs in operation, that is about right, so I sighed and ordered. After 3 weeks a CD arrives, with no clear label and no license key. I installed it anyway. It turned out to be an older version than the one I had downloaded and installed before. It still needs a license key. I complained to the distributor, because Sophos should be able to manufacture and deliver a license key within weeks. And my Sophos complained back to me, once every hour, because the key was missing. When 4 weeks had passed, I canceled the order and uninstalled SAV (nothing in the documentation, of course, but Google helped out).

I went for ClamXav and downloaded it from http://www.clamxav.com. It is GPL, so no hassle with orders, with distributors, with faxes and phone calls. The installation is not a one button affair, but it is described well. If you can follow a procedure, it works. You have to think about the settings, because the initial configuration does nothing at all. It can auto-update patterns and check for updates of engine and software.

I tried a scan and oops, it found the forgotten EICAR in the recycle bin. I tried the download of EICAR and ClamXav warned. Good enough for me. Summary: It takes about half an hour to get ClamXav installed and working. Full of gratitude I went to PayPal and made a donation. I feel really generous now and still I saved money. And learned a couple of lessons at the same time.

