Mac Forum / General / General / April 2006

In article <1145529718.792721.119350@t31g2000cwb.googlegroups.com>,
"Deirdre" <dhonner@gmail.com> wrote:

I am glad to help.

This thread is a spinoff from the previous thread 'Yet Another Symantec
Problem' where I reported yet-another Symantec Norton Anti-Virus
security hole. I NEVER recommend folks use NAV for many reasons. Here
are the alternatives for MOSX currently available that I am aware of:

1) Virex: $40.21 per license (but note that you have to buy 5 licenses
at a time). I have been using Virex for many years. In the days of Mac
OS 7, 8 an 9 it was easily the best due to a nice feature where it
checked if files had been modified since the last time it had run. Its
speed was remarkably fast because it knew when it could skip over files
it had previously checked.

Then McAfee bought it, tossed out the old programming and made it just
another anti-virus program without any speed advantage. But I have stuck
with it. The fact that it was free at .Mac until 2006 has helped.

Great things that remains about Virex are that its virus definitions are
updated for FREE very regularly, McAfee have a top notch virus
information center, and I have never heard of it messing with anyone's
system. It simply works.

Well, actually I have read about the virex background engine, called
VShield, hogging the CPU. In reality it only does this if you have its
services activated in the Virex preferences, and only when your CPU is
otherwise at rest. VShield is set with a low CPU priority. If it bothers
you it is very easy to remove it from your startup items. It really
serves no purpose, so far, since there are still no Mac viruses 'in the
wild' to worry about. Instead you should regularly start up the Virex
application alone and have it check your entire computer on a regular
basis. I do this at very least every time there is a new virus
definitions update, which is about every 2 weeks. Occasionally it
discovers some Windows virus sent to me in email. I have never had it
report a false-positive virus discovery (unlike Norton Anti-Virus!).

Sadly, McAfee now only sell Virex 7.7, the latest MOSX 10.4 compatible
version, in lots of 5. You can't buy individual copies. I've talked to
them about this, but they refuse to provide alternatives. They only want
to sell Virex to enterprise computing environments. You can download a
demo version.

<http://www.versiontracker.com/dyn/moreinfo/macosx/10355>
<http://www.mcafee.com/us/enterprise/products/anti_virus/file_servers_des
ktops/virex.html>

2) ClamXav: FREE, Open Source and cross platform. It's virus definitions
are regularly updated. But it is very primitive and clunky. With time it
is getting better. Sadly, a few weeks ago a number of security
vulnerabilities were been found in the current version. (Echoes of
Symantec!). But it much better than not using an anti-virus at all. I
expect it's holes will be patched in the coming month. The patches have
already begun on Linux and will soon filter over to Mac.

Other points: If you dig around you can find a beta version that worked
on MOSX 10.2.x. Don't bother, it is total garbage. Also, ClamXav is
incompatible with MOSX Server 10.4.x. It has been reported to conflict
with some other applications like TigerCacheCleaner. Its scheduling
system has problems.

<http://www.versiontracker.com/dyn/moreinfo/macosx/24449>
<http://www.markallan.co.uk/clamXav/>

3) Intego VirusBarrier: $70 + $30 per year for virus definition updates
(after the first year). This is the newcomer to the anti-virus business.
But it already has a better reputation than Virex, going by ratings over
at Version Tracker. It is a Universal Binary that runs natively on
Macintels. It has a niffy kewl GUI, and has built-in automated virus
definition updates. Its best feature is the one that Virex used to have:
Speed. It indexes as it scans, allowing it to skip files that have not
been modified. Instabilities have been reported, as well as a propensity
to toss up annoying modal message boxes. Thankfully Intego keep
improving it with regular updates.

My reservation here is the money sucking. No way do I want buy into a
virus application so I can pay $30 per year for new virus definitions. I
could justify paying if I ran a facility of Macs, but not for just me
and my PowerBook. There is no demo available.

<http://www.versiontracker.com/dyn/moreinfo/macosx/16289>
<http://www.intego.com/virusbarrier/>

4) Sophos Anti-Virus: $?? (The price is not available on their website.
You know what that means). This is a professional grade virus program,
designed for businesses with a network of computers. The Sophos virus
information center is excellent. It is a great place to visit regularly
even if you never use their software. As for the program itself, the
debate about it is quite contentious. Some people have found it buggy
and unstable. Some consider the GUI out of date. It has been known to
make false-positive virus discoveries. And then there are some people
who like it just fine. They have a 30 day demo. You want the standalone
Mac OS X version.

<http://www.versiontracker.com/dyn/moreinfo/macosx/9815>
<http://www.sophos.com/products/es/endpoint-server/sav-mac.html>

5) TigerCacheCleaner: $9 shareware. It had to happen, and I am glad
TigerCacheCleaner did it first. This inexpensive shareware program
integrates ClamXav virus scanning, including scheduling! It is a
Universal Binary that runs natively on Macintels. The only problems I
have read about are instability and occasionally flaky behavior.
Thankfully it is regularly updated. Beside virus checking this utility
does nearly 40 other things related to Mac OS X. Essentially it
integrates the abilities of scores of other utilities at a decent price.

NOTE: TCC is supposed to work on MOSX 10.1 - 10.4.x. I have not verified
this. It is typical for Universal Binaries to only work on MOSX 10.3.9
and above, despite claims to the contrary.

Also Note: The developer is offering a bundle of TCC with their Lights
Out program for $1 more. "Lights Out is an application designed to give
users more control over Apple's Energy Saver." Check their website.

<http://www.versiontracker.com/dyn/moreinfo/macosx/16494>
<http://www.northernsoftworks.com/tigercachecleaner.html>

CONCLUSIONS:
  - Intego VirusBarrier gets the bells and whistles award. But you pay
for it, every year.
  - Virex works fine, but you basically have to already have it, or
obtain it by some circuitous route, to use it. Virex 7.2.1 and 7.6/7.7
work fine with MOSX 10.4.x. Virex 7.5.1 does not, only with 10.2.x and
10.3.x.
  - ClamXav is a good idea and very decent for free, but it is not
exactly ready for prime time.
  - TigerCacheCleaner looks like a better alternative to the ClamXav
application, providing all its capabilities along with a zillion other
features for cheap.
  - Forget about Sophos software unless you are an enterprise. But most
definitely visit their website to learn about viruses! It is a great
place.

Further EXCELLENT information about Mac OS X malware and vulnerabilities
is available from Secunia. You can sign up for their weekly summary
email list. You can visit them at:
<http://secunia.com/>

Every week (or so) I post a 'Mac Security' thread here at CSMA and CSMS
where you can find out the latest news being reported regarding MOSX
vulnerabilites and patches.