Darwin asked me elsewhere if I use any security software in OS X, and I think that is a useful topic on its own for all two OS X users at DC, along with curious Windows users who may enjoy prodding us.
Here are the broad categories and options:
AntiVirus
- iAntivirus - this is by the same guys that make Threatfire and Spyware Doctor for PC. It is FREE. It is optimised to detect OS X threats only (all 88 of them, including regular apps with possible danger like keyloggers, proof-of-concept code and classic OS <10 virii), and thus it has a tiny database.
- ClamXav - Useful to remove windows virii, open-source and free.
- VirusBarrier X5 - Fairly well regarded. You can get it and 10 other apps (including Little Snitch outgoing firewall) for a spectacular discount ATM: http://www.mupromo.com/winter.php
- McAfee and Norton - universally reviled as junk, badly written for OS X. Some consider Norton the clearest piece of malware on the Mac!
- Sophos - I've seen no one using this, I suspect it is corporate only.
- Built-in - Leopard has two outgoing firewalls, an application-based and a port-based (ipfw from FreeBSD, Tiger just has IPFW). Waterroof and Noobproof are very comprehensive GUIs to control it.
- Little Snitch - an outgoing application firewall. Low resource usage, a very nice UI, and on special offer over winter (see Virusbarrier above).
- Intego Netbarrier - Same guys who make Virusbarrier, used by quite a lot of users and with generally positive reviews. Both incoming and outgoing firewall, very configurable.
- Filedefense - a file system level driver which allows you to allow/deny file access for any application. Good idea but horrible UI, makes Vista's UAC seem like fun!
- MacScan - scans for keyloggers, a few trojans and cleans tracking cookies. Nothing major but some people may find it useful (iAntivirus scans for keyloggers and trojans too and it's free).
- Apple Security Guide - Links to documentation for best practice for Leopard and Tiger
What do I use?
Only Little Snitch. Nothing else except for NOD32 on the XP bootcamp partition. There are no viruses in the wild for OS X. There are a smattering of trojans which require user intervention to gain access to the system, or someone may guess my admin password to install them. This is not a high enough threat to warrant using AV for the moment IMO, as long as I exercise caution about "installing" codecs with admin privileges from web popups! I only use Little Snitch as much for curiosity over outgoing traffic as necessity. Here is a fair article on security and why you don't need an AV yet: http://db.tidbits.com/article/9511
And for those who saw the "Apple recommends AV software" furore: http://securosis.com...h-ado-about-nothing/
What do I miss more than anything for OS X security: SandboxIE - I'd love a robust sandbox to allow more reckless behavior online.
Core Leopard components are sandboxed, but there is not an adaptation to run user processes in a sandbox yet.