An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 2 1 2 >
Topic Options
#12618 - 11/01/10 03:29 AM Why did you install Clam?
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?

Presently, I only see two (valid) reasons to install Clam:
1) Concern that you will inadvertently pass along an infected file to a PC user and you wish to be a good citizen.
2) You are running Parallels, Boot Camp, VMware, or such.

I hope I am not being confrontational. I am just trying to understand the rationale behind the decision and determine if Clam is route for me.


_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#12619 - 11/01/10 04:30 AM Re: Why did you install Clam? [Re: Pendragon]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I find the idea of passing on a virus to a PC user accidentally to be somewhat...questionable, myself. How many times are you likely to receive an email with a file attachment like "naked pictures.exe" or 'your delivery.exe" and think "Wow, it'd be a great idea to forward this to Joe!"?

I don't install AV on the Mac side. I do run VMware, and on my Windows VMs I use a Windows AV program (the Windows version of Clam, in fact), but I don't know that running an AV program on the Mac side is really the best way to protect a Windows VM.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#12620 - 11/01/10 11:33 AM Re: Why did you install Clam? [Re: Pendragon]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: Pendragon
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?

Presently, I only see two (valid) reasons to install Clam:
1) Concern that you will inadvertently pass along an infected file to a PC user and you wish to be a good citizen.
2) You are running Parallels, Boot Camp, VMware, or such.

I hope I am not being confrontational. I am just trying to understand the rationale behind the decision and determine if Clam is route for me.



Are you really from Texas?

Top
#12621 - 11/01/10 01:34 PM Re: Why did you install Clam? [Re: Hal Itosis]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Quote:
Are you really from Texas?


Nah, only moved here two years ago. Previous 30 years in the DC area.

And still, no guns, truck, boots, or Stetson...
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#12622 - 11/01/10 06:31 PM Re: Why did you install Clam? [Re: Pendragon]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
On occasion i like to try out some (relatively obscure) software of which I have little knowledge. I will run it through ClamXAV just to feel that I at least tried to look for something. [who knows, it might hit pay dirt one day.]

Back during the System 7 to System 9 (Mac OS 9) period, I also did the same thing with Disinfectant. I.e., I never did a scan of the entire HD or anything like that... but simply let it chew through an unfamiliar app I had downloaded... just for the sake of feeling like some attempt had been made to find anything suspicious.

As i recall those days, the entire Mac community was fond of Disinfectant. Like ClamXAV, it was also free... and there was a "vibe" about it which appealed to people. [i.e., some guy (a professor at Northwestern) spent his personal time trying to do right by the Mac community.] I seem to recall there was a general feeling of loss when he retired, and its development ceased.

I get this same vibe from ClamXAV. it's free to all... but donations are accepted. And by sheer coincidence [???] perhaps, I decided to donate to the cause yesterday... and then later spotted your thread. [plus the developer is a Brit, and your moniker sounds like... well, anyway.]

idunno. I might use it only once or twice a month, but I felt the dude is doing the community a service... so, why not help him out? But, you don't have to pay if you don't want to... so I don't really understand why this thread even exists.

Use it/don't use it. Pay/don't pay. It's more a matter of personal choice than any required paranoia over malware, etc. Only you know what sorts of programs you download and/or what sorts of sites you visit. [wild guess here but, i'll wager you may not even need it.]

Top
#12625 - 11/02/10 12:25 AM Re: Why did you install Clam? [Re: Pendragon]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: Pendragon
Most will agree, I presume, there are no true Apple viruses (though Trojans are becoming popular of late). Yet, many install ClamXav.

Ergo my question to those of you who do install Clam. Why do you bother?


I'm very careful where I travel on the web and never open anything unless I'm sure it's safe. If I receive spam I immediately write a rule that takes it out, and then I go to Webmail and report the spam to my ISP.

However, in spite of all the care, there are other ways things could be spread.

Like everyone else, I know lots of people who think that writing a letter is sending the latest joke, a link to some guy eating a motorcycle tire, a "forward this, have great fortune" email, or whatever. I've also read that these are among the ways that malware is spread.

Et cetera, et cetera.

For me, ClamXav is cheap insurance. Even if there isn't something happening today, I'd just as soon be prepared if it does.

I also like that it seems to be well written and doesn't adversely affect my machine's performance. I don't use much extra "stuff" (e.g. ClamX, Super Duper, Clean App) but, at the point I decide to buy something (and I try before I buy), I will have researched carefully and asked questions.

ryck
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro

Top
#12626 - 11/02/10 12:54 AM Re: Why did you install Clam? [Re: ryck]
artie505 Online


Registered: 08/04/09
> Even if there isn't something happening today, I'd just as soon be prepared if it does.

Bear in mind that the only thing you're prepared for is what's happening today...that if an Apple virus turns up ClamXav will be no more prepared for it on that day than it is today. (OK... You'll be a step ahead of the game having already d/l'ed the app.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#12627 - 11/02/10 05:11 AM Re: Why did you install Clam? [Re: artie505]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
As of today, the folks at SOPHOS seem to be on board as well...
http://nakedsecurity.sophos.com/2010/11/02/anti-virus-mac-free/

Top
#12628 - 11/02/10 09:33 AM Re: Why did you install Clam? [Re: Hal Itosis]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: Hal Itosis
As of today, the folks at SOPHOS seem to be on board as well...
http://nakedsecurity.sophos.com/2010/11/02/anti-virus-mac-free/


And now, how does one determine/what criteria is significant in choosing between Sophos and Clam?

(Though from here, it looks like Sopohs is more full-featured. Waddya think?)
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#12629 - 11/02/10 10:46 AM Re: Why did you install Clam? [Re: Pendragon]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Again, it's your Mac and your usage habits (not mine) which should set the criteria. In my case (scanning the occasional app), Clam is my cup of tea.

I opened up Sophos with Pacifist for a look/see (some time after posting the link here) and espied a ton of stuff which didn't interest me. Sophos is around 3-times as massive as Clam... but you're right: it seems to have more features (such as hooking into the browser to analyze downloaded items or something?).

I posted that Sophos link strictly as a relevant "news" item... not as an endorsement or recommendation. [it's brand new AFAIK, and currently i'm not inclined to even install it.]

Top
#12630 - 11/02/10 12:37 PM Re: Why did you install Clam? [Re: Hal Itosis]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Thanks for sharing your insight Hal!

Re Clam vs. Sophos, I understand the dilemma. Alas, I was hoping an obvious choice would rise to the fore.

I'll be on travel for the next week or so, so for now I'll demur.

Maybe by the time I return, someone will publish a head-to-head feature matrix (but I won't bet on that).
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#12632 - 11/02/10 09:39 PM Re: Why did you install Clam? [Re: Pendragon]
AdrenalinOD Offline


Registered: 09/04/09
My old 6100 60AV got infected with a virus back in system 6 days and it took me hours and hours to reinstall my data from a 150 floppy backup set....
Virus checking has become a part of my maintenance routines ever since.
I run a virus check before I rebuild the directory with diskwarrior...every few months.
_________________________
Be Heard... Not Herded.

Top
#12634 - 11/03/10 06:15 AM Re: Why did you install Clam? [Re: AdrenalinOD]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
My last virus was in the mac os 8 days. Mac viruses back then tended to be additional resources added to the application, usually in window resources or MDBFs. Nowadays inserting code into a mac app isn't nearly as trivial, and I think that helps

But really, viruses aren't all that big of a deal nowadays. There's no money in it, and you're far more likely to interact with people over the internet than you are with physical media. Back then people were making malware for lols and that's about it.

Scareware and botnets are the current threat. Plenty of money to be made in both arenas. Spreading over the internet is so much more efficient, and it removes the automated computer element to a large degree. Instead of relying on security holes in the os, it targets the user as the weakest point in the security.

There's nothing better than Money to motivate and add sophistication to illegal activity.
_________________________
I work for the Department of Redundancy Department

Top
#12638 - 11/03/10 10:10 PM Re: Why did you install Clam? [Re: Pendragon]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: Pendragon
Re Clam vs. Sophos, I understand the dilemma. Alas, I was hoping an obvious choice would rise to the fore.

Hmm, perhaps this will help with that...



smile laugh grin wink


Edited by Hal Itosis (11/03/10 10:21 PM)
Edit Reason: tried to post the HTML5 version... but it seems the tag is getting removed somewhere.

Top
#12639 - 11/04/10 12:03 AM Re: Why did you install Clam? [Re: Hal Itosis]
macnerd10 Offline


Registered: 08/04/09
Loc: Los Angeles, CA
My first experience with Sophos antivirus.
First, it scanned all my files (not like ClamXav or iAntiVirus). Second, it found (the other programs did not) three Torjans and two spyware/malware "things". I can't call them programs because they are listed as documents. The interesting thing is that they all resided in a Java 6.0 cache folder (subfolders 28 and 31) in the user/library/caches. This Java update was recently installed through software update on an Intel MacBook Pro running 10.6.4. The program had a rather counter-intuitive way to get rid of these cache files. The next scan did not detect any "threats". True, they are all listed as Windows Trojans/malware. But still, does Java really install malware or is it just something that Sophos engine took for such?
Anybody sharing this experience? Would be most grateful for informed comments.


Edited by macnerd10 (11/04/10 12:06 AM)
_________________________
Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN

Top
#12641 - 11/04/10 07:44 AM Re: Why did you install Clam? [Re: macnerd10]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Maybe someone knows those answer(s) over here --> http://openforum.sophos.com/MacAV

Top
#12642 - 11/04/10 09:11 AM Re: Why did you install Clam? [Re: Hal Itosis]
macnerd10 Offline


Registered: 08/04/09
Loc: Los Angeles, CA
Thanks, Hal! Posted it there. One user also said that a malware file was detected, also in Java caches but in a different folder, and just one. Looks like there are problems with Java 6.0...
_________________________
Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN

Top
#12649 - 11/04/10 04:07 PM Re: Why did you install Clam? [Re: macnerd10]
macnerd10 Offline


Registered: 08/04/09
Loc: Los Angeles, CA
Nice rundown in http://www.bleepingcomputer.com/forums/topic351472.html (this is about Windows but the same seems to happen on Macs, although the actual threat has not been evaluated, I guess):

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. However, when alerted to this type of threat, it's a good practice to clear the Java cache and clean out Windows temporary files.
So, looks like Sophos did its job well.


Edited by macnerd10 (11/04/10 04:08 PM)
_________________________
Alex
3.1 GHz 13" MacBook Pro 2015, 8 GB RAM, OS 10.11.2, Office 2011, TimeWarner Cable
2.8 GHz Xeon Mac Pro 2010, 16 GB RAM, OS 10.11.2, Office 2011, LAN

Top
#12657 - 11/05/10 09:53 AM Re: Why did you install Clam? [Re: macnerd10]
Paddy Offline


Registered: 08/08/09
Loc: Toronto, Ontario, Canada
Well, in response to Harv's original question - I'm not about to install anything that runs constantly in the background and has the potential to gum up my system. There are still no viruses for Macs in the wild and as Tacit says, the likelihood that I'll pass on that oh-so-helpful label .jpg that "DHL" or "UPS" (yeah, right) just sent me is nil.

Might want to read this thread at Sophos with some 60-odd responses in 2 days. (And whose bright idea was it to list the responses backwards?? Page 7 is the FIRST page at the moment. Very, very weird.)

http://openforum.sophos.com/t5/Sophos-An.../td-p/63/page/7

And I find this whole thing about it being free quite fishy. I doubt very much that it will stay free - that's not how Sophos operates. FUD, on the other hand, is much beloved by the AV producers operating in the Mac realm.
_________________________
Mid-2012 15" 2.7Ghz MacBook Pro Retina, 16GB RAM, OS 10.13.1
Late-2014 27" 4Ghz iMac 5K, OS 10.13.1
iPad Pro
iPhone 5

Top
#12659 - 11/05/10 09:58 AM Re: Why did you install Clam? [Re: macnerd10]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
For quite some time it's been the case that Mac AV software's primary function is to identify windows malware that somehow has found its way into your documents and desktop.

I love how they try to advertise things like that, "now detects over 400,000 known threats!" without mentioning that only 3 of them could actually cause a Mac any problems.

They're just the Mac's more commercialized version of Windows "scareware"


Edited by Virtual1 (11/05/10 10:00 AM)
_________________________
I work for the Department of Redundancy Department

Top
#12671 - 11/06/10 03:22 PM Re: Why did you install Clam? [Re: Paddy]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
I agree in spirit with the sentiment you convey, but just want to clear up some details...

Originally Posted By: Paddy
Well, in response to Harv's original question - I'm not about to install anything that runs constantly in the background and has the potential to gum up my system.

The original question was about ClamXAV, which doesn't belong in that "runs constantly in the background" category. [edit: i.e., by default... launch at login, scan scheduling, and sentry watch are all disabled.]



Originally Posted By: Paddy
There are still no viruses for Macs in the wild and as Tacit says, the likelihood that I'll pass on that oh-so-helpful label .jpg that "DHL" or "UPS" (yeah, right) just sent me is nil.

Might want to read this thread at Sophos with some 60-odd responses in 2 days. (And whose bright idea was it to list the responses backwards?? Page 7 is the FIRST page at the moment. Very, very weird.)

http://openforum.sophos.com/t5/Sophos-An.../td-p/63/page/7

Seems to be connected to users with BootCamp partitions: Slow-down when scanning? Work-around now available!. [fwiw, not all 7 pages contain negative comments... and those "pages" hold a small number of posts (compared to most forums).]



Originally Posted By: Paddy
And I find this whole thing about it being free quite fishy. I doubt very much that it will stay free - that's not how Sophos operates. FUD, on the other hand, is much beloved by the AV producers operating in the Mac realm.

Yeah well, google is "free" too... yet somehow they're "worth" billions.


Edited by Hal Itosis (11/06/10 09:41 PM)

Top
#12680 - 11/07/10 07:15 PM Re: Why did you install Clam? [Re: Hal Itosis]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.


Google is only free if you think of them as a search engine company. They're not--they're an advertising company. The world's largest advertising company, in fact. And their advertising services aren't free--in fact, they're quite expensive.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#12682 - 11/07/10 09:46 PM Re: Why did you install Clam? [Re: tacit]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: tacit
Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.

Google is only free if you think of them as a search engine company. They're not--they're an advertising company. The world's largest advertising company, in fact. And their advertising services aren't free--in fact, they're quite expensive.

Understood. But for me (and most here i suspect), we've been getting the benefits of free searches for over a decade without spending a single penny, much less clicking on an ad even... unless an actual purchase was our original purpose in searching to begin with.

Heh, i recall searching for some band called 'Fences' -- boy, that's a dumb name, unless you don't want to be found on the web easily. And many results nowadays from other similar vague search terms contain links to really silly pages trying to sell all sorts of stuff. And some of those links turn out to be merely another contrived search designed to sell something else.


Of course —beyond raw advertising —our usage habits (clicking/viewing/downloading/etc) are also being tracked... providing whatever info to whichever agencies. So perhaps that may be something Sophos is also doing to get their income[?] E.g., scanned filenames get culled into some huge database? :shrug: idunno. Maybe they're serving ads too somewhere. [i'm blocking flash and also certain sites via /etc/hosts, so i don't see everything i guess.]



Edited by Hal Itosis (11/07/10 09:53 PM)

Top
#12683 - 11/08/10 05:45 AM Re: Why did you install Clam? [Re: Hal Itosis]
Paddy Offline


Registered: 08/08/09
Loc: Toronto, Ontario, Canada
Originally Posted By: Hal Itosis
The original question was about ClamXAV, which doesn't belong in that "runs constantly in the background" category. [edit: i.e., by default... launch at login, scan scheduling, and sentry watch are all disabled.]


Sorry - I should have been clearer - I was referring to the Sophos AV - I'm quite aware that ClamAVX does not run in the background.

Originally Posted By: Hal Itosis
Seems to be connected to users with BootCamp partitions: Slow-down when scanning? Work-around now available!. [fwiw, not all 7 pages contain negative comments... and those "pages" hold a small number of posts (compared to most forums).]


Sorry that I missed seeing their workaround there, Hal. It was posted some 8 minutes before I finished this post, so in all likelihood, it wasn't there when I looked. wink And 60 responses in 2 days (there are now 65, not all of them from unhappy Bootcamp types, BTW) was significant enough to give one pause. There will always be more people complaining in a support forum - obviously. When assessing potential new software, I look for consistency of both good and bad experiences - and in particular, bad experiences that cannot be chalked up to user incompetence.

Originally Posted By: Hal Itosis

Yeah well, google is "free" too... yet somehow they're "worth" billions.


Sunil from Sophos responds to the "Why is it free?" question with a bit more detail:
Quote:
Re: Why is it free?
Options
11-08-2010 02:44 AM

Hi pixturesk

Thanks for the question. To clarify what we mean about providing this software for free let me provide some more detail.

We intend to support this software version for free until the time comes to retire it (and we have no plans or timescale in mind as to when this will be). For all users on the free version we will provide protection updates until the retirement date. We tend to provide at least 12 months notice of any product retirement; this allows customers and users sufficient time to plan and we would provide a similar notice period for this product.

Trust this clears it up and gives you enough information to recommend it within your groups.

Warm regards

Sunil


Why free? C'mon Sunil...it's not because you love Macs (as he states in a previous post) you (Sophos) love that you've got a potential new market - even though that market may be based largely on FUD. Offer it free, reel them in, then start charging. Get people used to/thinking they "need" Sophos AV at home and sooner or later, that "need" will be extended to the enterprise environment, where it is not free.

SophosAV Home Edition for Macs...a gateway AV. wink grin

Of course, it's possible that Sophos will always offer their home edition for Macs free, just as AVAST and AVG do on the Windows side, but with Sunil's hedging, I suspect that this is not the case. Time will tell. Generally the model these AV producers follow is to offer a basic edition free and then further features are available in a paid version. Some people actually want or need the features of the paid version - some probably just think they do.

Avast's CEO talked to ZDNet Asia in May about their model:

http://www.zdnetasia.com/avast-freemium-is-very-profitable-62063054.htm
_________________________
Mid-2012 15" 2.7Ghz MacBook Pro Retina, 16GB RAM, OS 10.13.1
Late-2014 27" 4Ghz iMac 5K, OS 10.13.1
iPad Pro
iPhone 5

Top
#12685 - 11/08/10 06:58 AM Re: Why did you install Clam? [Re: Paddy]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
If SophosAV was total snake oil, you might have a point.

I notice that your first reply was "linked" to macnerd10's last post... but its content wasn't really directed at his statements. Care to comment on his post then? [i'm not really that good a protagonist in this matter. wink ]

Top
Page 1 of 2 1 2 >

Moderator:  alternaut, cyn