Are virus attacks on home computers a thing of the past?

I think overall I’d say that if you’re worried about what we call commodity malware (or mass market malware) – the kind of crap that criminals are throwing at everyone just to see how many people they can screw – then using MacOS reduces your exposure somewhat. Doesn’t eliminate your exposure, just reduces it, and you’re still strongly recommended to use an AV product on your Mac. If, on the other hand, you’re worried about targeted malware – someone like a state sponsored group trying to get at you specifically – then running MacOS doesn’t help reduce your risk at all.

Can you recommend any AV software for use on MacOS that actually identifies and removes malware that has payload malevolence under MacOS, as opposed to simply looking for and quarantining Windows malware that it finds in the MacOS environment?

Ok, this is the most simple way I can say this (back to the initial question):

Currently, if you are a typical, common, average, computer user,…

. if you use Apple, Linux, Android, you DO NOT NEED an antivirus software.

. if you use Microsoft Windows, you CAN NOT DO WITHOUT an antivirus software.

(I know that, for those that have used Microsoft Windows only, this is hard to understand/believe)

And in 2016 you’d be wrong. Again. In 2005 I’d have agreed with you. Time for you to get a version update on your knowledge.

In OP .mp3s were mentioned; later, .pdfs.

An extension is just a name for a filetype, and any criminal could say “my name is…”

And in fact I never understood why “you can’t get malware from mp3s, so torrent away, but watch out for executables” is a thing in the “sharing” Pirate Bays out there.

This is a nasty attitude for so many reasons. I am a member of that “SD community” and find this request repulsive and antithetical to what goes on here.

If a criminal says “I am a block of wood” and you respond by throwing him on a bonfire, that does not help him get into your house. Yes, it is possible to change an executable file’s extension to MP3, but if you do, your computer will treat it like an MP3, and try to read it as if it was an MP3 file instead of executing it as if it was an EXE file.

Yes, I agree, and have always operated under that assumption. Hence my query.

My experience is mostly with Windows, so I’m not very familiar with the options for Mac AV. Here is a review site that likes Avira’s free AV for Mac.

Sophos and Avast make decent free AV for Windows and offer free Mac products as well, I believe. You might take a look at them too. You can always run one for a while then try the others if you don’t like it.

I like AVG for Windows. They also have a free Mac version. Download Free AntiVirus for Mac | Mac Virus Scanner | AVG.

Probably any of the reputable vendors like these will offer decent protection with a minimum of performance impact.

On the topic of file types and extensions:

You can name an executable something like evil.mp3.exe, which will fool some users into thinking it’s a media file. They may then execute the file.

However, you can also create specially crafted files that behave as normal files but execute malware as well. This is commonly done with PDFs. The bad guy creates a PDF that has real content like you’d expect, but the file is constructed in such a way as to exploit a flaw in the reader software. PDF is not intended to be an executable format, but by taking advantage of flaws in the reader software, it effectively can be.

I’m not aware of any current malware that delivers malware via mp3s, but it is probably possible. Again, the bad guy would probably need to generate a specially crafted mp3 that would exploit a flaw in a media player. I imagine that could be done.
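Added example, not part of the original post: a small Python triage check for the two cases described above, a double extension such as evil.mp3.exe and content whose leading bytes do not match the extension. The function names, finding labels and sample bytes are constructed for illustration; the signatures are the standard leading bytes of each format.

```python
import os

# Well-known leading signatures ("magic numbers") for a few formats.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
    (b"ID3", "mp3"),  # MP3 that starts with an ID3v2 tag
]
EXECUTABLE_KINDS = {"windows-executable", "elf-executable"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}
EXPECTED_KIND = {".mp3": "mp3", ".pdf": "pdf"}  # data extensions we know how to check

def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    # MP3 without an ID3 tag starts with an MPEG frame sync (11 set bits).
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"

def triage(filename: str, head: bytes) -> list[str]:
    """Return findings for a file name plus the first bytes of its content."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(head)
    # evil.mp3.exe: the real extension is executable, the visible one is not.
    if ext in EXECUTABLE_EXTS and inner_ext in EXPECTED_KIND:
        findings.append("double-extension")
    # Executable bytes stored under a non-executable name.
    if kind in EXECUTABLE_KINDS and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content-under-data-extension")
    elif ext in EXPECTED_KIND and kind != EXPECTED_KIND[ext]:
        findings.append("content-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of content).
    samples = [
        ("evil.mp3.exe", b"MZ\x90\x00"),
        ("song.mp3", b"MZ\x90\x00"),
        ("song.mp3", b"ID3\x03\x00"),
        ("report.pdf", b"%PDF-1.7\n"),  # clean header; says nothing about the body
    ]
    for name, head in samples:
        print(name, triage(name, head) or "no findings")
```

An empty result only means the name and header agree. A crafted PDF of the kind described above has a valid header and passes this check, which is why patched reader software and AV scanning still matter.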

My bold. There is an absolute shit-ton of Android malware in the wild.

This is true, although to be fair, if you are set up on your Windows box as an Administrator who does not require password authorization to install software, it is, in some cases, possible for the software installation to begin without any direct input from the user.

The first thing I do when I get a new computer or install a new Windows version is to create an Admin user, and then add a second limited user account where I do all of my day-to-day computing. That means that anything requiring installation will pop up a dialog box asking for a password before anything gets installed.

One of the biggest problems with computer users is that, in many cases, they do certain things so often that those things become habit. When a dialog pops up requesting permission to install software, they will automatically approve the installation without checking what is actually being installed.

On a separate issue, anyone claiming that malware isn’t a problem on Android doesn’t know what the hell he’s talking about.

Oh, and on the topic of Linux malware…

One of the more serious incidents I managed last year was at a client who didn’t have AV on their Linux servers because “Linux doesn’t get malware.” Surprise! It does. When we took an image of the server and ran a plain old virus scan on it, it lit up like a Christmas tree.

They run AV on their Linux boxes now.

On the topic of users running with elevated privileges…

It is true that forcing users to run with lower privileges is an important way to reduce the risk of malware. However, a lot of malware works by exploiting buffer overflows. If you can exploit a buffer overflow, you get system level privileges, regardless of the access rights of the user context you start in.

Buffer overflows are made possible by poor coding in an application (not usually the OS). However, the OS can reduce the risk of buffer overflows by implementing Address Space Layout Randomization (ASLR). This helps the OS compensate for crummy applications. MS was somewhat late to the ASLR party, but the past few versions of Windows have had it. It’s not 100% effective, but it’s a good improvement.

So, anyway, malware exploits and defense is a pretty complicated topic. :)

Your sources support here and there’s point, so why would he admit he was wrong when you have shown no such thing? Are you under the mistaken impression that something that was tiny but is currently increasing must be larger than something that started huge? Or do you believe that if something is shown to have some vulnerabilities it can never be said to be less vulnerable when comparing it to some other product? Quoting from your source that you apparently believe contradicts here and there:

“Ransomware has presented a significant threat in recent years but attackers have, to date, largely focused on Windows users.”
“In most years, the number of new Mac OS X vulnerabilities has been lower than the number of Windows vulnerabilities found.”
“The number of iOS threats discovered to date remains quite small, although it is beginning to increase…”

Read Slashdot daily for a month or two.
It’ll get you up to date on ransomware and all the other delightful threats out there these days.

I’ve run Windows at home since 2003 and have never gotten a virus.

One significant difference between mp3 and pdf, however, is that there’s really only one big name in PDF readers: If you send someone a PDF, you can be confident that they’re probably going to open it in Adobe Reader (or in Preview, if they’re on a Mac, but that’s well under half of users). So if you find a vulnerability in Adobe Reader, you stand a good chance of being able to exploit it. On the other hand, there are tons of programs out there that open up mp3 files, and you probably don’t know a priori which one your target is using. You can gamble that they’re using, say, iTunes, but they might not be. So any exploit against mp3 software will necessarily have a more limited scope than one against pdf.

It was my understanding that OSX only allows each application to access a limited subset of memory, not shared by the OS or by any other application. Thus, even if a bit of sloppy code in the application allows a buffer overflow, it can only overflow into other areas of memory used by that same application, and hence can only do what that application has permission to do. Which could, of course, still cause you problems, but it couldn’t do things like overwrite system files.

That’s a great point. The proliferation of media players would slow you down if you’re trying to infect as many machines as possible. If you were targeting a specific person or organization and you knew what player they used, it might be worth writing an exploit for that player. Your victim probably wouldn’t be looking for that…

I was speaking mostly about Windows. I’m not familiar with how MacOS handles memory assignment and sandboxing. I’ll take your word for it. :)

Antivirus is like a flu shot. You can avoid the shot and not get the flu. You can take the shot and still get the flu. But you’re better off with the shot because it reduces your chances of catching it.

(Actually, a flu shot is LITERALLY an antivirus but that’s beside the point.)