Posted By: Pendragon Why did you install Clam? - 11/01/10 10:29 AM
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?

Presently, I only see two (valid) reasons to install Clam:
1) Concern that you will inadvertently pass along an infected file to a PC user and you wish to be a good citizen.
2) You are running Parallels, Boot Camp, VMware, or such.

I hope I am not being confrontational. I am just trying to understand the rationale behind the decision and determine if Clam is the route for me.


Posted By: tacit Re: Why did you install Clam? - 11/01/10 11:30 AM
I find the idea of passing on a virus to a PC user accidentally to be somewhat...questionable, myself. How many times are you likely to receive an email with a file attachment like "naked pictures.exe" or "your delivery.exe" and think "Wow, it'd be a great idea to forward this to Joe!"?

I don't install AV on the Mac side. I do run VMware, and on my Windows VMs I use a Windows AV program (the Windows version of Clam, in fact), but I don't know that running an AV program on the Mac side is really the best way to protect a Windows VM.
Posted By: Hal Itosis Re: Why did you install Clam? - 11/01/10 06:33 PM
Originally Posted By: Pendragon
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?

Presently, I only see two (valid) reasons to install Clam:
1) Concern that you will inadvertently pass along an infected file to a PC user and you wish to be a good citizen.
2) You are running Parallels, Boot Camp, VMware, or such.

I hope I am not being confrontational. I am just trying to understand the rationale behind the decision and determine if Clam is the route for me.



Are you really from Texas?
Posted By: Pendragon Re: Why did you install Clam? - 11/01/10 08:34 PM
Quote:
Are you really from Texas?


Nah, only moved here two years ago. Previous 30 years in the DC area.

And still, no guns, truck, boots, or Stetson...
Posted By: Hal Itosis Re: Why did you install Clam? - 11/02/10 01:31 AM
On occasion I like to try out some (relatively obscure) software of which I have little knowledge. I will run it through ClamXAV just to feel that I at least tried to look for something. [who knows, it might hit pay dirt one day.]

Back during the System 7 to System 9 (Mac OS 9) period, I also did the same thing with Disinfectant. I.e., I never did a scan of the entire HD or anything like that... but simply let it chew through an unfamiliar app I had downloaded... just for the sake of feeling like some attempt had been made to find anything suspicious.

As i recall those days, the entire Mac community was fond of Disinfectant. Like ClamXAV, it was also free... and there was a "vibe" about it which appealed to people. [i.e., some guy (a professor at Northwestern) spent his personal time trying to do right by the Mac community.] I seem to recall there was a general feeling of loss when he retired, and its development ceased.

I get this same vibe from ClamXAV. It's free to all... but donations are accepted. And by sheer coincidence [???] perhaps, I decided to donate to the cause yesterday... and then later spotted your thread. [plus the developer is a Brit, and your moniker sounds like... well, anyway.]

idunno. I might use it only once or twice a month, but I felt the dude is doing the community a service... so, why not help him out? But, you don't have to pay if you don't want to... so I don't really understand why this thread even exists.

Use it/don't use it. Pay/don't pay. It's more a matter of personal choice than any required paranoia over malware, etc. Only you know what sorts of programs you download and/or what sorts of sites you visit. [wild guess here but, i'll wager you may not even need it.]
Posted By: ryck Re: Why did you install Clam? - 11/02/10 07:25 AM
Originally Posted By: Pendragon
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?


I'm very careful where I travel on the web and never open anything unless I'm sure it's safe. If I receive spam I immediately write a rule that takes it out, and then I go to Webmail and report the spam to my ISP.

However, in spite of all the care, there are other ways things could be spread.

Like everyone else, I know lots of people who think that writing a letter is sending the latest joke, a link to some guy eating a motorcycle tire, a "forward this, have great fortune" email, or whatever. I've also read that these are among the ways that malware is spread.

Et cetera, et cetera.

For me, ClamXav is cheap insurance. Even if there isn't something happening today, I'd just as soon be prepared if it does.

I also like that it seems to be well written and doesn't adversely affect my machine's performance. I don't use much extra "stuff" (e.g. ClamX, Super Duper, Clean App) but, at the point I decide to buy something (and I try before I buy), I will have researched carefully and asked questions.

ryck
Posted By: artie505 Re: Why did you install Clam? - 11/02/10 07:54 AM
> Even if there isn't something happening today, I'd just as soon be prepared if it does.

Bear in mind that the only thing you're prepared for is what's happening today...that if an Apple virus turns up ClamXav will be no more prepared for it on that day than it is today. (OK... You'll be a step ahead of the game having already d/l'ed the app.)
Posted By: Hal Itosis Re: Why did you install Clam? - 11/02/10 12:11 PM
As of today, the folks at SOPHOS seem to be on board as well...
http://nakedsecurity.sophos.com/2010/11/02/anti-virus-mac-free/
Posted By: Pendragon Re: Why did you install Clam? - 11/02/10 04:33 PM
Originally Posted By: Hal Itosis
As of today, the folks at SOPHOS seem to be on board as well...
http://nakedsecurity.sophos.com/2010/11/02/anti-virus-mac-free/


And now, how does one determine/what criteria is significant in choosing between Sophos and Clam?

(Though from here, it looks like Sophos is more full-featured. Waddya think?)
Posted By: Hal Itosis Re: Why did you install Clam? - 11/02/10 05:46 PM
Again, it's your Mac and your usage habits (not mine) which should set the criteria. In my case (scanning the occasional app), Clam is my cup of tea.

I opened up Sophos with Pacifist for a look/see (some time after posting the link here) and espied a ton of stuff which didn't interest me. Sophos is around 3-times as massive as Clam... but you're right: it seems to have more features (such as hooking into the browser to analyze downloaded items or something?).

I posted that Sophos link strictly as a relevant "news" item... not as an endorsement or recommendation. [it's brand new AFAIK, and currently i'm not inclined to even install it.]
Posted By: Pendragon Re: Why did you install Clam? - 11/02/10 07:37 PM
Thanks for sharing your insight Hal!

Re Clam vs. Sophos, I understand the dilemma. Alas, I was hoping an obvious choice would rise to the fore.

I'll be on travel for the next week or so, so for now I'll demur.

Maybe by the time I return, someone will publish a head-to-head feature matrix (but I won't bet on that).
Posted By: AdrenalinOD Re: Why did you install Clam? - 11/03/10 04:39 AM
My old 6100 60AV got infected with a virus back in system 6 days and it took me hours and hours to reinstall my data from a 150 floppy backup set....
Virus checking has become a part of my maintenance routines ever since.
I run a virus check before I rebuild the directory with diskwarrior...every few months.
Posted By: Virtual1 Re: Why did you install Clam? - 11/03/10 01:15 PM
My last virus was in the Mac OS 8 days. Mac viruses back then tended to be additional resources added to the application, usually in window resources or MDBFs. Nowadays inserting code into a Mac app isn't nearly as trivial, and I think that helps.

But really, viruses aren't all that big of a deal nowadays. There's no money in it, and you're far more likely to interact with people over the internet than you are with physical media. Back then people were making malware for lols and that's about it.

Scareware and botnets are the current threat. Plenty of money to be made in both arenas. Spreading over the internet is so much more efficient, and it removes the automated computer element to a large degree. Instead of relying on security holes in the os, it targets the user as the weakest point in the security.

There's nothing better than Money to motivate and add sophistication to illegal activity.
Posted By: Hal Itosis Re: Why did you install Clam? - 11/04/10 05:10 AM
Originally Posted By: Pendragon
Re Clam vs. Sophos, I understand the dilemma. Alas, I was hoping an obvious choice would rise to the fore.

Hmm, perhaps this will help with that...



smile laugh grin wink
Posted By: macnerd10 Re: Why did you install Clam? - 11/04/10 07:03 AM
My first experience with Sophos antivirus.
First, it scanned all my files (not like ClamXav or iAntiVirus). Second, it found (the other programs did not) three Trojans and two spyware/malware "things". I can't call them programs because they are listed as documents. The interesting thing is that they all resided in a Java 6.0 cache folder (subfolders 28 and 31) in the user/library/caches. This Java update was recently installed through software update on an Intel MacBook Pro running 10.6.4. The program had a rather counter-intuitive way to get rid of these cache files. The next scan did not detect any "threats". True, they are all listed as Windows Trojans/malware. But still, does Java really install malware or is it just something that Sophos engine took for such?
Anybody sharing this experience? Would be most grateful for informed comments.
Posted By: Hal Itosis Re: Why did you install Clam? - 11/04/10 02:44 PM
Maybe someone knows those answer(s) over here --> http://openforum.sophos.com/MacAV
Posted By: macnerd10 Re: Why did you install Clam? - 11/04/10 04:11 PM
Thanks, Hal! Posted it there. One user also said that a malware file was detected, also in Java caches but in a different folder, and just one. Looks like there are problems with Java 6.0...
Posted By: macnerd10 Re: Why did you install Clam? - 11/04/10 11:07 PM
Nice rundown in http://www.bleepingcomputer.com/forums/topic351472.html (this is about Windows but the same seems to happen on Macs, although the actual threat has not been evaluated, I guess):

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. However, when alerted to this type of threat, it's a good practice to clear the Java cache and clean out Windows temporary files.
So, looks like Sophos did its job well.
Posted By: Paddy Re: Why did you install Clam? - 11/05/10 04:53 PM
Well, in response to Harv's original question - I'm not about to install anything that runs constantly in the background and has the potential to gum up my system. There are still no viruses for Macs in the wild and as Tacit says, the likelihood that I'll pass on that oh-so-helpful label .jpg that "DHL" or "UPS" (yeah, right) just sent me is nil.

Might want to read this thread at Sophos with some 60-odd responses in 2 days. (And whose bright idea was it to list the responses backwards?? Page 7 is the FIRST page at the moment. Very, very weird.)

http://openforum.sophos.com/t5/Sophos-An.../td-p/63/page/7

And I find this whole thing about it being free quite fishy. I doubt very much that it will stay free - that's not how Sophos operates. FUD, on the other hand, is much beloved by the AV producers operating in the Mac realm.
Posted By: Virtual1 Re: Why did you install Clam? - 11/05/10 04:58 PM
For quite some time it's been the case that Mac AV software's primary function is to identify windows malware that somehow has found its way into your documents and desktop.

I love how they try to advertise things like that, "now detects over 400,000 known threats!" without mentioning that only 3 of them could actually cause a Mac any problems.

They're just the Mac's more commercialized version of Windows "scareware"
Posted By: Hal Itosis Re: Why did you install Clam? - 11/06/10 10:22 PM
I agree in spirit with the sentiment you convey, but just want to clear up some details...

Originally Posted By: Paddy
Well, in response to Harv's original question - I'm not about to install anything that runs constantly in the background and has the potential to gum up my system.

The original question was about ClamXAV, which doesn't belong in that "runs constantly in the background" category. [edit: i.e., by default... launch at login, scan scheduling, and sentry watch are all disabled.]



Originally Posted By: Paddy
There are still no viruses for Macs in the wild and as Tacit says, the likelihood that I'll pass on that oh-so-helpful label .jpg that "DHL" or "UPS" (yeah, right) just sent me is nil.

Might want to read this thread at Sophos with some 60-odd responses in 2 days. (And whose bright idea was it to list the responses backwards?? Page 7 is the FIRST page at the moment. Very, very weird.)

http://openforum.sophos.com/t5/Sophos-An.../td-p/63/page/7

Seems to be connected to users with BootCamp partitions: Slow-down when scanning? Work-around now available!. [fwiw, not all 7 pages contain negative comments... and those "pages" hold a small number of posts (compared to most forums).]



Originally Posted By: Paddy
And I find this whole thing about it being free quite fishy. I doubt very much that it will stay free - that's not how Sophos operates. FUD, on the other hand, is much beloved by the AV producers operating in the Mac realm.

Yeah well, google is "free" too... yet somehow they're "worth" billions.
Posted By: tacit Re: Why did you install Clam? - 11/08/10 03:15 AM
Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.


Google is only free if you think of them as a search engine company. They're not--they're an advertising company. The world's largest advertising company, in fact. And their advertising services aren't free--in fact, they're quite expensive.
Posted By: Hal Itosis Re: Why did you install Clam? - 11/08/10 05:46 AM
Originally Posted By: tacit
Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.

Google is only free if you think of them as a search engine company. They're not--they're an advertising company. The world's largest advertising company, in fact. And their advertising services aren't free--in fact, they're quite expensive.

Understood. But for me (and most here i suspect), we've been getting the benefits of free searches for over a decade without spending a single penny, much less clicking on an ad even... unless an actual purchase was our original purpose in searching to begin with.

Heh, i recall searching for some band called 'Fences' -- boy, that's a dumb name, unless you don't want to be found on the web easily. And many results nowadays from other similar vague search terms contain links to really silly pages trying to sell all sorts of stuff. And some of those links turn out to be merely another contrived search designed to sell something else.


Of course — beyond raw advertising — our usage habits (clicking/viewing/downloading/etc) are also being tracked... providing whatever info to whichever agencies. So perhaps that may be something Sophos is also doing to get their income[?] E.g., scanned filenames get culled into some huge database? :shrug: idunno. Maybe they're serving ads too somewhere. [i'm blocking flash and also certain sites via /etc/hosts, so i don't see everything i guess.]

Posted By: Paddy Re: Why did you install Clam? - 11/08/10 01:45 PM
Originally Posted By: Hal Itosis
The original question was about ClamXAV, which doesn't belong in that "runs constantly in the background" category. [edit: i.e., by default... launch at login, scan scheduling, and sentry watch are all disabled.]


Sorry - I should have been clearer - I was referring to the Sophos AV - I'm quite aware that ClamAVX does not run in the background.

Originally Posted By: Hal Itosis
Seems to be connected to users with BootCamp partitions: Slow-down when scanning? Work-around now available!. [fwiw, not all 7 pages contain negative comments... and those "pages" hold a small number of posts (compared to most forums).]


Sorry that I missed seeing their workaround there, Hal. It was posted some 8 minutes before I finished this post, so in all likelihood, it wasn't there when I looked. wink And 60 responses in 2 days (there are now 65, not all of them from unhappy Bootcamp types, BTW) was significant enough to give one pause. There will always be more people complaining in a support forum - obviously. When assessing potential new software, I look for consistency of both good and bad experiences - and in particular, bad experiences that cannot be chalked up to user incompetence.

Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.


Sunil from Sophos responds to the "Why is it free?" question with a bit more detail:
Quote:
Re: Why is it free?
11-08-2010 02:44 AM

Hi pixturesk

Thanks for the question. To clarify what we mean about providing this software for free let me provide some more detail.

We intend to support this software version for free until the time comes to retire it (and we have no plans or timescale in mind as to when this will be). For all users on the free version we will provide protection updates until the retirement date. We tend to provide at least 12 months notice of any product retirement; this allows customers and users sufficient time to plan and we would provide a similar notice period for this product.

Trust this clears it up and gives you enough information to recommend it within your groups.

Warm regards

Sunil


Why free? C'mon Sunil...it's not because you love Macs (as he states in a previous post) you (Sophos) love that you've got a potential new market - even though that market may be based largely on FUD. Offer it free, reel them in, then start charging. Get people used to/thinking they "need" Sophos AV at home and sooner or later, that "need" will be extended to the enterprise environment, where it is not free.

SophosAV Home Edition for Macs...a gateway AV. wink grin

Of course, it's possible that Sophos will always offer their home edition for Macs free, just as AVAST and AVG do on the Windows side, but with Sunil's hedging, I suspect that this is not the case. Time will tell. Generally the model these AV producers follow is to offer a basic edition free and then further features are available in a paid version. Some people actually want or need the features of the paid version - some probably just think they do.

Avast's CEO talked to ZDNet Asia in May about their model:

http://www.zdnetasia.com/avast-freemium-is-very-profitable-62063054.htm
Posted By: Hal Itosis Re: Why did you install Clam? - 11/08/10 02:58 PM
If SophosAV was total snake oil, you might have a point.

I notice that your first reply was "linked" to macnerd10's last post... but its content wasn't really directed at his statements. Care to comment on his post then? [i'm not really that good a protagonist in this matter. wink ]
Posted By: Paddy Re: Why did you install Clam? - 11/08/10 03:56 PM
Hal, for some reason or other, you seem to be taking my posts a tad too seriously - or misinterpreting them. I'm not claiming that SophosAV is total snake oil - it's clearly not. But equally clearly, the need for it is still largely a marketing ploy. That's what I object to, and that's what I've tried to point out. If people want to run it, that's their choice, but I hope they're doing it with their eyes wide open - clear that (a) there is still no compelling need for AV software to run in the background on a Mac and (b) free may not stay free.

As for linking to MacNerd's post, that was simply because his was the last post in the thread at the time and I'm not used to board software that links directly to just ONE person's post - none of the other two Mac boards I participate in actively use this board software. My apologies if I confused things. wink MacNerd does point out that the SophosAV found 3 Trojans and 2 spyware/malware "things" in his Java cache files that weren't found by ClamAVX. He also indicates that he's not sure they were in fact malware, or whether Sophos just identifies them as such. Without knowing what they were called, it's a little difficult to respond to that. At any rate, running Onyx and asking it to clear out the Java cache will be just as effective, no? Or just dump that cache file by hand... (Assuming here that we're talking about files that are in fact only harmful to Windows users). Anyway, perhaps I appear to have come on as rabidly against SophosAV - that was not really my intention. What really bothers me is the marketing that goes on to convince people that they really need stuff they really don't by scaring them. Anti-bacterial hand cleaners fall into the same category. grin (actually, they're far worse, but that's another topic entirely...) CDC - Antibacterial Household Products: Cause for Concern
Posted By: ryck Re: Why did you install Clam? - 11/08/10 04:23 PM
Originally Posted By: macnerd10
My first experience with Sophos antivirus.

I've also taken Sophos for a spin around the block, installing it several days ago. I did two scans, including the "look in every compressed folder" scan (not for the faint of heart - took about 8 hours).

It didn't find anything.

I've been using ClamXav and, when I first installed it, it found two or three things (I can't recall what they were) which it put into the Quarantine folder and I threw them out. I suppose that's why Sophos didn't find anything.

I've left them both installed and they don't seem to care, although periodically they switch places on the menu bar.

I'm going back to just ClamXav.

ryck
Posted By: macnerd10 Re: Why did you install Clam? - 11/11/10 07:36 AM
Ryck,
Just curious: did you install Java 6.0 prior to scanning?
Posted By: ryck Re: Why did you install Clam? - 11/11/10 03:26 PM
Originally Posted By: macnerd10
....did you install Java 6.0 prior to scanning?

Good question. It has forced me to think a bit about the sequence of events, and actually raises another question. The answer may mean that I'm not being overly helpful.

I would have installed Java 6.0 prior to scanning with Sophos, or the ClamXav scan that found some things but which I couldn't recollect.

Did the ClamXav scan, which was first, remove them from the Java 6.0 cache folder? I now have no way of knowing, so I may have had a similar issue as you but I can't confirm.

ryck
Posted By: macnerd10 Re: Why did you install Clam? - 11/12/10 12:31 AM
A little update. Just used ClamXav to scan my HD on work computer. The default options were only for home folder (users/yourname), Documents and Desktop. The scan analyzed only 14,000 files out of 595,000. At the same time, Sophos home edition scanned the whole hard disk. This makes me think that it is far superior to ClamXav.
Another thing about Java. Looks like malicious files on the home computer were acquired, because the work computer running 10.5.8 had all Java 6.0 cache folders empty even before I scanned with ClamXav.
Posted By: ryck Re: Why did you install Clam? - 11/13/10 09:35 PM
Originally Posted By: macnerd10
The scan analyzed only 14,000 files out of 595,000. At the same time, Sophos home edition scanned the whole hard disk.

Good point. I also did a complete disk scan (1.8 million files) that took more than 8 hours. It would likely have been much shorter if I had unchecked the "Scan archives and Compressed Files". If I thought it would take 8 hours every time I'd head for the hills.

However, it's pretty easy to create specialized scans so I'm going to give Sophos a longer tryout and have, for now, removed ClamXav.

ryck