On 21-Nov-08, a short support article appeared on Apple's Web site, likely placed there by someone with no idea of the chain of events he or she was about to initiate. The article summary was, "Learn about antivirus utilities available for the Mac OS." The bombshell statement in the article? "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult." The article went on to list three of the major antivirus programs for the Mac.
At first, no one really noticed. Then, on 01-Dec-08, the note gained the attention of Brian Krebs at the Washington Post [1], who wondered if this statement signified a notable shift in Apple policy. Apple has never formally recommended third-party security software for Mac OS X, so what was responsible for this seemingly major shift in policy? The rest of the industry press and blogs quickly picked up on the story, filling the Internet with a storm of conjecture and, based on the number of questions we received here at TidBITS, concern among Mac users wondering if they were suddenly less secure.
Early investigation indicated that the odds were high this was merely an overview article put out by a low-level employee in Apple's support organization, and that it never signified any change in either Apple's stance or the security of Mac users. The article was actually an update of an earlier note from 2007, changed to include the latest versions of the antivirus programs. Even the wording was awkward, allowing the interpretation that Apple was recommending users install all three programs. Within hours after the news hit, Apple removed the support article, thus creating a second round of coverage speculating that negative press pressured the company into reversing its new position on antivirus.
Based on the evidence I've been able to gather, I believe this updated technical note was never seen or approved by senior management. It was likely meant to highlight which antivirus programs supported Mac OS X for those users interested in installing the software. Although Apple hasn't detailed the exact chain of events, Apple spokesman Bill Evans told me:
"We have removed the KnowledgeBase article because it was old and inaccurate. The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running anti-virus software may offer additional protection."
In short, Apple isn't telling users they all need to run out and buy antivirus software (much less multiple programs), but they also admit that antivirus software may offer some additional protection. This is consistent with my article, "Should Mac Users Run Antivirus Software? [2]" (2008-03-18), in which I recommend that the average Mac user avoid antivirus software.
The reality remains that although Macs are far from immune to security issues, there is very little malicious software that targets them. Macs can be affected by malware on occasion; I've been contacted twice in the past year by people who downloaded and manually installed malicious software onto their systems. I also work extensively with security researchers who tell me that Mac OS X's built-in protection technologies can be circumvented by an experienced attacker. But neither I nor the security researchers with whom I work know of any widely deployed exploits for Macs. Unless you are either specifically targeted by a knowledgeable bad guy, or spend a lot of time downloading software from risky sites, the odds are extremely low you'll ever encounter malicious software. Macs aren't inherently more secure than PCs, but they are practically never targeted, dramatically reducing the risk a Mac user will be compromised.
Thus I'd like to reiterate our previous advice:
Neither I nor the security researchers with whom I work run antivirus software on our Macs, but I'll be the first to change my position and recommend wide use of Mac antivirus tools should the situation change. Until then, there's simply no reason for non-enterprise users who avoid risky behavior to bog down their Macs with antivirus software.
[1]: http://voices.washingtonpost.com/securityfix/2008/12/apple_mac_users_should_get_ant.html
[2]: http://db.tidbits.com/article/9511