Interview with F-Secure: Antivirus for Mac OS X, useful or not?
Malware for the Mac is still rare, especially compared with the Windows platform. Is that because of the inherent security of the Unix-like operating system, or because the platform is not appealing enough for virus writers? This is where opinions diverge. F-Secure sees a growing need for Mac protection; otherwise the security vendor wouldn’t have released a beta of its F-Secure security suite for Mac OS X.
Before we start our talk, some basic facts on F-Secure Mac Protection Beta.
MN: Where is F-Secure for Mac available?
F-S: http://www.f-secure.com/en_EMEA/downloads/beta-programs/home-office/fsmac/index.html
MN: When will the final version be launched and at what price?
F-S: What the beta currently represents is a component of our “security as a service”. Much of our business is operator/ISP driven and our customers have mixed ecosystems, Windows/Macs/Mobile phones.
Our Mac software is already available to our ISP partners and some already have it implemented into their/our service (co-branded clients). So in a sense, those customers have already bought the Mac component along with the Windows clients, as part of their service. Prices vary based on the ISP partner.
However, we are aiming to launch a consumer etail/retail version later this year. Schedule and pricing have not been determined yet.
MN: What are the key features of F-Secure for Mac?
F-S:
– Real-time antivirus protection with automatic updates
– Firewall protection by integrating with OS X internal firewall
– ‘Panic button’ to instantly block all traffic except update servers
– Localized into major languages, also German
– Fast performance
Regarding the Firewall, we are providing a control feature, and are turning on the Firewall which is off by default, rather than integrating.
MN: OK, that’s it for the hard data. First of all, thanks for the interview, especially because I’m the kind of person who thinks that a virus scanner, even on Windows platforms, is not a must-have application, and who is of the opinion that Mac protection is fully useless. Furthermore, I think that the marketing of Mac AV products is very often misleading. But even Apple sees it differently and recommends using a virus scanner for Mac OS X operating systems. F-Secure already launched a beta of an AV for Mac last year and has now added a firewall feature. Why have you decided to come up with a Mac Protection, are there real malware threats for Macs and what’s your target group for F-Secure Mac Protection?
F-S: A big part of why we decided to develop a Mac client is because our operator/ISP partners were asking for one. We aren’t just trying to develop a Mac client, but rather, to provide access to our services.
This is true across all of our software clients. For example, our Windows software is pulling more and more features and information from “cloud based” servers. Our future goals include providing all of our security services to our customers regardless of the platform.
What this means is that our real goal is to protect “the user”, not the computer. Computer Operating Systems have become more secure over time, and standard AV is not as necessary as it once was. We don’t want to provide standard AV services.
So why did we start with AV for the Mac? Because that is the natural starting point. It is the keystone in our development process. Our future focus will expand to user based protections.
MN: In 2009 I was told that worms spread via porn video codecs or torrents infected several tens of thousands of Macs. Can you confirm? And how do you see the Mac epidemic?
F-S: Yes. There have been many DNSChanger infections (http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml) and numerous variants. The trojans rely on social engineering (as does the vast majority of Windows based threats). The gang responsible makes money by circumventing Web searches for porn to their “sponsored results”. So the victims are looking for porn, take the bait, and may not even realize later that their searches are manipulated.
They’ve been successful enough at this, that they expanded into Macs two years ago.
(Other Mac threats: http://www.google.com/cse?cx=014625612662474666087%3Ac54csftgqbi&ie=UTF-8&q=OSX)
I would not call this an epidemic. It exists. Currently it is easier to target Windows. (Mikko sums it up nicely here: http://news.cnet.com/8301-27080_3-10444561-245.html)
MN: The fundamental criticism: Without the user’s interaction no malware works on the Mac. AV software is not able to take the rights from root, so that, if wanted, the AV software can be bypassed or disabled. And sensitive users shouldn’t install software which you might want to scan before installing it. Incompetent persons will very likely not “listen” to warnings from an AV software which they can bypass. And last but not least, you educate yourself and others to switch off your brain: someone who thinks he is protected by fool-proof AV software might accept higher risks when installing software and behave incautiously. To not act and behave like this, a user doesn’t need a virus scanner. A virus scanner encourages users to unwary behavior and thus weakens the security of the system – Q.E.D. Long introduction and here now the question: isn’t a virus scanner counterproductive on a system like the Mac, which educates users to an attitude of “let the system do it” and for which the malware distribution is almost zero?
F-S: Most malware, on every platform, doesn’t work without some kind of human interaction.
“Incompetent persons” is not being fair to people. Here is a great blog post related to this: How to spot a sucker (http://rpaulwilson.blogspot.com/2010/01/how-to-spot-sucker.html).
Answer: “stand in front of a mirror”
The bad guys know the game. The victims don’t. Providing security services to customers is not counterproductive to their security attitude.
MN: Now coming to the F-Secure solution: The beta looks cleaned up and integrates seamlessly into the system. During testing I realized that the app is mean on information. While downloading the EICAR test file, the scanner immediately reacted, deleted the downloaded files and mentioned that this was malware. But I would have expected that, at the latest in the log, I’d have the possibility to find more information about what has been found. Is this meant to be the easiness which is typical for Mac (where users are not bothered with unimportant things) or will there be more information available in the final version?
F-S: As noted above, the Mac client is currently just the beginning of what the team wants to develop.
MN: One pro argument for virus scanners for Macs is the protection for Windows systems: a Mac user is then not spreading malware which doesn’t harm his own system, but can potentially damage others. At vxheavens.com I could download stuff without F-Secure’s Mac Protection complaining – Windows and Mac viruses. I admit that these were very old and compressed/not compiled scripts/sources – does this explain why the scanner didn’t work? Or is just the malware database not yet ready?
F-S: Detecting Windows malware from the Mac OS is a feature in development within the team’s scope. As noted above, we wish to provide protection to our customer’s entire ecosystem.
MN: Personal firewalls are my personal favorite enemy. So why should a user add the firewall integrated in F-Secure Mac Protection if there is a pre-installed firewall on Macs?
F-S: We are turning on the pre-installed firewall and are providing an access panel. We are not replacing the pre-installed version with our own.
MN: I have a serious issue with the fact that in the current Beta of F-Secure Mac Protection I cannot see at all what the firewall does and what has been blocked. Does the firewall block programs calling home like Little Snitch? Does the firewall block unwanted inbound traffic? E.g. ping goes through…
F-S: I’ll pass this feedback to the team. Perhaps they can also provide a better interface to see such details than the OS provides.
MN: Thanks again for the interview – all the best for F-Secure and the protected Macs and PCs.