Showing posts with label antivirus. Show all posts

Mac Antivirus - Staying careful and safer

Having antivirus software is the gold standard in the Windows world. But what if you are using a Mac? The prevailing opinion is that there aren't enough viruses or malware in the wild to merit having an antivirus.

But in reality, while very few people could name 5 viruses for Mac off the top of their heads, the Mac has a lot of issues. For instance, Safari does not have a stellar reputation on security. In March of 2011, at CanSecWest, a Mac with Safari fell victim to a security exploit in under 10 seconds.

Also, social engineering attacks can easily be used to con the user into running malicious code on their Mac. So having an antivirus and antimalware package on your Mac is a very wise choice.

But this brings us to another problem: which antivirus software packages have a Mac version? As of June 2011, Wikipedia lists only 16 out of 62 antivirus software packages as supporting the Mac. In a very interesting marketing move, some antivirus manufacturers actually offer free use of their antivirus packages for Mac. Norton has another very interesting combination product - one that runs on the native MacOS and another that runs on the Windows environment available through BootCamp.

The policy of implementing an antivirus on Mac is a very wise choice for corporate environments. If a corporate environment is just starting to adopt the Mac platform, one can start 'light' with the free antivirus packages. These are not manageable through a central console, so you will soon be looking for a corporate antivirus platform that includes Mac antivirus software. But while you are using a couple of Macs, the free stuff will help immensely.


Talkback and comments are most welcome


Managing Antivirus Software - Keep the reinstall away

Having an anti-virus on your computer systems is one of the standard best practices for every computer user, regardless of whether you are a home user or a business.

Although there are a lot of users (both corporate and home users) who consider the anti-virus a useless weapon, it still provides a very real protective layer on your computers. No anti-virus is 100% effective, but even at 80% effectiveness, it means far fewer problems with malware.


Here are some simple guidelines for selecting and managing your anti-virus environments:

Home Environment

Managing an anti-virus in a home environment is relatively easy. Most users have 2-4 computers in the home, and they need to set up an anti-virus on every one of them. The most important elements are:

  • Regular updating of signatures from the manufacturer
  • Active real-time protection
  • Regular (weekly or monthly) scheduled scan

In order to keep your home anti-virus system in good condition, you need to:

  • Set the antivirus to perform automatic cleaning with quarantine (no delete) - this way even if you get a false positive, the file isn't deleted and you can rescue it from
  • Check the update version - check whether updates are still current and there are no issues with updating
  • Review the last scan results - this way you will be alerted if malware is identified
  • Review the quarantine - to find if false positive files were captured by the anti-virus and need to be 'rescued'

Choosing the product

Then it's about the price and functionality. The home user can choose a free product, or they can buy antivirus protection. Here is a sample of criteria to review when choosing the anti-virus:

  • Legitimate antivirus software - What you need to be very careful about when implementing a home antivirus environment is that the product really is an anti-virus. Wikipedia, referencing SpyWare Warrior, notes that more and more malware masquerades as legitimate anti-virus software. To avoid these malware decoys, you can consult the Wikipedia list of anti-virus software.
  • Range of malware that you are protected from - Can the engine detect virus, spyware, rootkits, etc.?
  • Behavior-blocking - Does the antivirus monitor system calls with a heuristics engine to prevent vulnerability exploitation attempts and zero day virus breakouts?

Corporate Environment

Managing an anti-virus in a corporate environment is a lot more work. There are hundreds, even thousands of computers that need to be protected. In such an environment you need to fight the following battles:
  • Keeping clients up-to-date - when updating hundreds of computers, there will be issues: computers that are off, computers where the antivirus software has failed for any reason, and problems communicating with the update server
  • Keeping clients compliant with policy - same as above, updates to policy may fail or be significantly delayed
  • Preventing the anti-virus servers from overloading - updating hundreds of systems can hog the update server or the Internet link.

In order to keep your corporate anti-virus system in good condition you need to
  • Set up updating frequency according to corporate policy - updating the anti-virus in a corporate environment needs to be planned - updates may be needed more than once per day, but if you make the updates too frequent you'll end up overloading the antivirus server with requests.
  • Balance the load of management and updates in a distributed environment - When you have branches, it is wise to distribute the burden of updates and management to branch servers and administrators.
  • Implement additional policy elements - anti-virus software may also be used to enforce corporate policies of not running some software in certain parts of the day (example - block media player from 9 to 12 and from 2 to 5)
  • Schedule automated scans - similar to the home users, scheduled scans are good for confirming that nothing is sleeping in downloaded documents, unopened files etc.
  • Schedule automatic reports - Your best tool for keeping the corporate antivirus infrastructure in good condition is an automated report. This way, a report on the number of non-updated
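
The automated report from the list above, sketched as an added example (not from the original post or from any antivirus product): it sorts clients from a constructed inventory export into the failure causes named earlier (machine off, failed antivirus software, update problems) and groups the problem clients by branch. The CSV column names and the age thresholds are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory export; the column names are assumptions,
# not the format of any particular antivirus console.
SAMPLE_CSV = """host,branch,last_checkin,signature_date,agent_running
pc-001,HQ,2011-06-20T08:05,2011-06-20T06:00,yes
pc-002,HQ,2011-06-20T08:10,2011-06-16T06:00,yes
pc-003,HQ,2011-06-12T17:30,2011-06-12T06:00,yes
pc-101,Branch-A,2011-06-20T07:55,2011-06-20T06:00,no
pc-102,Branch-A,2011-06-20T08:00,2011-06-19T18:00,yes
mac-201,Branch-B,2011-06-20T08:02,2011-06-14T06:00,yes
"""

def classify(row, now, max_sig_age, max_silence):
    """Map one client to a status mirroring the failure causes listed above."""
    checkin = datetime.fromisoformat(row["last_checkin"])
    sig = datetime.fromisoformat(row["signature_date"])
    if now - checkin > max_silence:
        return "offline"            # switched off or cannot reach the server
    if row["agent_running"].strip().lower() != "yes":
        return "agent_failed"       # the antivirus software itself is broken
    if now - sig > max_sig_age:
        return "update_failing"     # reachable, yet signatures are stale
    return "ok"

def build_report(csv_text, now, max_sig_age=timedelta(days=2),
                 max_silence=timedelta(days=3)):
    """Return (status totals, {branch: [(host, status), ...]}) for problem clients."""
    totals, problems = Counter(), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row, now, max_sig_age, max_silence)
        totals[status] += 1
        if status != "ok":
            problems[row["branch"]].append((row["host"], status))
    return totals, dict(problems)

if __name__ == "__main__":
    totals, problems = build_report(SAMPLE_CSV, datetime(2011, 6, 20, 9, 0))
    print("Client status totals:", dict(totals))
    for branch, hosts in sorted(problems.items()):
        for host, status in hosts:
            print(f"  {branch:9} {host:8} {status}")
```

Checking the check-in age first keeps a machine that has simply been switched off from being counted as an update failure, which points the administrator at the right fix.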

Choosing the product

When implementing a corporate anti-virus solution, the criterion of choosing a legitimate (non-malware) antivirus is not important - there are no malware products designed to operate as corporate antivirus systems.
And even if someone tries to make such malware, it will be immediately identified, since corporate anti-virus solutions are constantly evaluated - both by independent technology sites and companies, and by other manufacturers of anti-virus solutions assessing the competition.

But there are other criteria for corporate anti-virus that need to be evaluated. Here is a sample of criteria:
  • Range of malware that you are protected from - Can the engine detect virus, spyware, rootkits, etc.?
  • Behavior-blocking - Does the antivirus monitor system calls with a heuristics engine to prevent vulnerability exploitation attempts and zero day virus breakouts?
  • Expanded functionality - System firewall. Does it provide blacklists and white lists for addresses and domains?
  • Policy control - Does the antivirus provide controls to enforce corporate policies regarding use of certain elements of the computer system? For example, an antivirus system may provide policies to prevent running of certain applications, although they are not malware, or prevent access to USB storage devices etc.
  • Signature Updates - How large and frequent are signature and other updates? This can range from one per day to multiple updates per day. This is a very significant issue - a signature that is updated once per day can be quite large, so in a large corporation the update process will hog the central antivirus server.

Conclusion
Depending on whether you are running a home or corporate environment, you face different challenges with antivirus solutions. But regardless of environment and product, you will be very grateful that you are running an antivirus the day someone you know loses data or reinstalls their computer due to a virus corruption.


Talkback and comments are most welcome
