Introduction
As the ancient Greek philosopher Heraclitus said: “Everything flows, everything changes.” Not so long ago, Mac OS did not need any antivirus tools, as it was considered very reliable and resistant to infection (this operating system's roots go back to the family of *nix systems). Today, Mac OS needs antivirus protection, albeit not as urgently as Microsoft Windows. To understand the nature of this turn of fate, a short excursion into history is needed. Up to a certain point in its development, the world of application software lived on two parallel platforms: PowerPC, represented by Apple and its offspring Mac OS, and Intel x86, the traditional platform for the general public, where Microsoft Windows dominated at that time. While viruses for the PowerPC platform were rather exotic, Intel x86, represented first by DOS and then by Windows, was rife with virus attacks. Since then, there has been a strong belief that Mac OS is immune to malware.
Subsequently, an event occurred that can be considered the starting point of Mac OS joining the cohort of “virus-infected” operating systems: Mac OS was ported to the Intel x86 platform. Of course, the transition of Mac OS to Intel x86 helped popularize this operating system among a wide range of users, because the PowerPC platform was rather “for the elite,” in particular because of the high cost of both its hardware and its software.
Mac Defender fake antivirus
Intego’s periodic news of the discovery of new virus threats for Mac OS, in general, failed to break through the bastion of user confidence in the invulnerability of this operating system. Moreover, the subsequent DNS Changer attacks, which were spread by the authors of the TDSS malware family, well known in the Windows world, as well as the Mac Defender fake antivirus, were widespread, but they were rather an indicator of the credulity of Mac OS users, who had not yet encountered virus outbreaks and therefore installed malware themselves from dmg installers.
Flashback. Here, however, it is worth mentioning that the successful construction of the botnet was facilitated by a vulnerability in third-party software, as well as by a feature of Apple’s policy that does not allow the user to independently install patches for third-party programs. In effect, Apple’s approach to security, or more precisely its certain inertia, was turned against Apple itself. The finishing blow, of a sort, was Kaspersky Lab’s discovery of a new piece of malware, Backdoor.OSX.SabPub, approximately two weeks after Doctor Web’s report on the discovery of the aforementioned Flashback botnet.
As in the case of Flashback, the successful installation of SabPub was made possible by vulnerabilities in third-party software: in this case, six Microsoft Word documents were found containing Exploit.MSWord.CVE-2009-0563.a, two of which downloaded SabPub. Nevertheless, because it inherits the Unix principles of separating user rights in the system, Mac OS remains a reliable operating system, and even if a “command to destroy the system” is issued, its effect is unlikely to go beyond the user’s profile. A hypothetical scenario is the exploitation of a vulnerability that would allow a user to elevate their rights to the root level and execute the corresponding code.
Additional barrier to Windows-based malware
Installing an antivirus on Mac OS can also be justified as an additional barrier to the spread of Windows-based malware, for example, when checking external drives. In effect, a Mac with an antivirus installed is a kind of antivirus gateway, with which you can check an external drive and, if necessary, remove malware from it, thereby preventing its further spread. This is especially relevant in heterogeneous networks, which are now widespread almost everywhere: it is no longer unusual for devices running Microsoft Windows, Android, and Mac OS to be used in the same home.
When it became absolutely clear that Mac OS was exposed to virus threats, antivirus software companies began to offer their products for this platform. Of course, the need to install an antivirus on Mac OS can be challenged by experienced users, as well as by information security experts, who can give many arguments in defense of this position. On the other hand, those who have just switched to this platform, as well as Mac OS users who cannot rely on their own security experience, want to know which antivirus for this operating system is best to use. In today’s comparison, we will try to show the differences between a number of the antiviruses for Mac OS currently on the market.