I know. All this Apple rogue-related excitement and I’m staying out of it. What’s more, I have absolutely nothing to say about iCloud.
I’m just too busy changing all my Sony passwords.
There is a relevant (to rogue AV on the Mac, that is) article here by the ever-dependable Paul Ducklin. He makes some points that have been made before, but still bear repeating:
Firstly, Apple’s built-in XProtect is not a full-blown countermeasure: it doesn’t detect everything, it doesn’t cover all infection vectors, and it updates every 24 hours, which may not be enough given how quickly the Mac Defender/Shield/Whatever gang respond to Apple’s updates.
In fact, I’d say that it’s at about the same stage that anti-virus companies were at in the late 80s…
Secondly, the App Store is not the place to look for anti-virus software: Apple won’t, as I understand it, approve any AV that uses an on-access scanning component. The Apple store does carry an AV/security package – which one seems to depend on where you are geographically – but not a range of packages. Which reminds me that Avast! is following Sophos along the free-to-home-Mac-users path (Avast! has been offering a free product for Windows for donkey’s years…) with a free Mac scanner, currently in beta. I haven’t looked at it myself, but Avast! is certainly no rogue vendor: it’s a company with many years of experience in AV. (Tip of the hat to Kevin Townsend for flagging it, and his commentary.)
Ducklin also makes a point worth reiterating as regards rogue AV irrespective of platform: something that offers you a free scan but insists that you pay for disinfection is suspicious by definition. (Some legitimate AV companies did do something like this in the dim and distant past, and you may find anti-spyware products that still do, but the practice is generally discredited, not least because of the rise of fake products.)
David Harley CITP FBCS CISSP
Small Blue-Green World