Click.

December 3, 2008 (Computerworld) Apple Inc. late Tuesday yanked a controversial support document from its Web site that had urged Mac users to run antivirus software because the recommendation was "old and inaccurate," a company spokesman said today.

The document, which had become the focus of considerable discussion among Mac users and security experts this week, is no longer available on Apple's support site. Instead, browsers directed to its location display a generic message: "We're sorry. We can't find the article you're looking for."

"We have removed the KnowledgeBase article because it was old and inaccurate," Apple spokesman Bill Evans said in an e-mail Wednesday.

"The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box," he went on. "However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

The now-missing document was brief -- just 81 words -- but it was enough to stir debate. "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus-writing process more difficult," the document said. It also listed three antivirus programs from McAfee Inc., Symantec Corp. and Intego, a small Mac-only security vendor.

Some users, bloggers and security professionals had viewed the document -- which was actually a revision of one first posted last year -- as a change of heart on the part of Apple, which has poked fun at its biggest rival, Microsoft Corp.'s Windows, for being susceptible to attacks in several television ads over the years.

Several security researchers applauded the move, and agreed that it was time for Mac users to start buying antivirus software. Others, however, called it a tempest in a teapot -- though not necessarily because they agreed with Evans' contention that the Mac's operating system provides adequate protection against threats.

"There's nothing inherent in the [Mac] OS to stop someone from writing a virus," Charlie Miller, a researcher at Independent Security Evaluators and a noted Mac and iPhone vulnerability hunter, said in an interview Tuesday. "But at this point, no one's taking the effort to go after the Mac."

Andrew Storms, director of security operations at nCircle Network Security Inc., called the fracas "a big to-do about nothing," but blamed Apple's attitude as much as anything. "If it wasn't for the fact that Apple has been so smug around malware and viruses and such, this would not have been such a big deal," he said.

Today, Storms used the disappearance of the antivirus recommendation to chide Apple over its reputation for secrecy about security. "Finally, an Apple spokesperson discusses security," he said. "Hey, Apple actually responded, so that's certainly a good move."

But he also argued that the whole incident -- the quiet posting of the document then its disappearance -- was a perfect example of Apple's lack of transparency regarding security, something he's criticized before. "The original document was posted in 2007, then updated in November 2008, but all it needed was one line that said 'Posted 2007, revised 2008,' to have avoided all this," said Storms. "Instead, it became a big brouhaha because we didn't have any information. Look at the message you get when you try to reach the document now. It doesn't say anything about why it was pulled."

Transparency, Storms continued, may not be of much importance to consumers -- admittedly Apple's biggest customers -- but it does matter to businesses that use Macs. "The average consumer hasn't a clue what it means when I say 'transparency' related to security," said Storms. "They just want their iMac to work and not be full of viruses.

"But in the enterprise, [patching] takes resource planning," he said.

In late September, Storms, Miller and Swa Frantzen of the SANS Institute's Internet Storm Center debated Apple's patching process; Storms and Miller took Apple to task for its laissez faire scheduling, or more accurately, the company's lack of warning before it issues patches.

"I'm not saying Apple should hold back patches for some artificial schedule," Storms elaborated today. "But there's a difference between that and back-to-back days with patches, with no notice and no mitigation steps.

"Enterprises need intelligence and tools and information" to adequately handle security, none of which Apple provides in sufficient quantities for businesses, Storms said.

"Imagine if you got in your car and it said you had to take it into the shop today, or something bad was going to happen," he said. "But you have kids to get to the soccer game and you have to go to work. You can't just drop everything."

From Storms' perspective, Apple is that car. "You can't treat enterprises like that," he said.




I'm surprised that they were just talking about how Macs should have an antivirus, not how they shouldn't have multiple.

Meh, two days ago I think I got a virus on my mac, because suddenly, when I turned on my computer, every app crashed while opening, meaning I couldn't do anything. I couldn't software update/use disk utility either. I restarted and the problem was still there, so I had to repair my mac from my backup disk (thank god I have one, otherwise I'd have lost everything).

Virus? I don't know. In each case, I'll keep my firewall turned on in the future.

That shows how vulnerable it is, now lets see if Linux has some virus attacks lately.. ( <-JK)
But i see how easy it is for hackers, when everyone says: "Oh, there doesnt exist viruses for Mac, Ill just turn off th firewall.."
And there is where to remember: Dont be too early in taking decisions.
Its easy to see when they say it everywhere!
And this is the first time Apple admit it
I doubt that Microsoft was like that..
Then Apple and Microsoft finally have something common
And still Linux is held out of it.. (what a loner OS )

I still thing Macs are pretty strong (not that'd I'd say much else...) and they're just wanting to make sure nothing serious does happen =]

~Magical

It's not that Macs are "invisible" or something like that; it's that the majority of viruses are built for Windows-based machines. It's roughly a 90/10 spit with Windows/OS X. Why would a hacker develop a virus or malware for only 10% of computers, while he could put that same effort into possibly affecting 90% of computer users?

That's not to say that there aren't viruses, there just aren't as many. OS X can still have viruses.

Currently I own a MacBook and I have no virus programs on it. I haven't felt the need, as I only go to a handful of websites, never accept files from unknown sources and don't get many attachments from Windows computers. On the other hand, three of our four Windows-based computers have anti-virus programs on them. The only one that doesn't is a school-issued laptop for my dad that has Deep Freeze on it, preventing it from viruses.

Now, there are ways that Windows and OS X are equally susceptible to malware. Phishing is getting more and more common, using fake websites to lure people into entering their credit card information and therefor giving all that to the 'hacker'. Both OS's have trouble competing with that. In that case, it's where the user needs an 'anti-virus' program: training on safe computer using.

~Bcloutier~

Mac have a good immune system to virus ive never had a virus with mine i have the firewall turned on that is about it and im safe almost 99 percent of the time the other percent o well. Really there is only 10 virus for mac and over 1 million for windows. Mainly because mac is built on a unix core like linux.