Should Apple bundle ClamAV with Mac OS X? I have a yes, a no and plenty of maybes in store for you.
For years, the simple fact an operating system vendor would bundle anti-virus software with his product had me rolling on the carpet, in a fit of hysterical laughter - a scary sight, if there ever was one. Why? Because people charging others to fix problems they have created just seems to me the lowest ever form of business there can be.
Yet, I cannot help but think there might be some ground for bundling an open-source application like ClamAV into Mac OS X. Before you reach for the comments section and recommend some chemical compound, here are my thoughts in greater detail:
- ClamAV is an open-source product and, as such, integrating it would not oblige Apple to sell its soul to another company and would not raise questions on the necessity to keep an ongoing partnership - something the company’s tense relations with McAfee proved was a bad idea.
- Again, ClamAV being an open-source product, bundling it would not mean Apple would be favoring a commercial competitor in the anti-virus market. There is already a built-in Mac OS X firewall, with an easy to activate on/off switch, which does not prevent other companies from selling other solutions.
- ClamAV runs remarkably well on Mac OS X but its team lacks experience with this platform. Perhaps bringing in Apple’s expertise could help further improve the project and help it stay at the top of the virus game - provided, of course, this collaboration is based on mutual respect.
- ClamAV would not only help protect against trojan horses (and alleviate social engineering risks), it could be tied into Apple Mail, iChat, Bluetooth file transfer and a user’s Drop Box, helping all users secure their computers by default. Apple’s knowledge of file system surveillance could make that integration seamless. All this could be controlled from a tab in the Sharing preferences pane — or Security.
- Apple already has a secure, authenticated update mechanism in Software Update, that does not rely on .Mac. Virex’ update mechanism was suicidal at best, murderous probably. ClamAV supports signed updates already, for everyone’s tranquility.
Of course, one could argue bundling an anti-virus daemon with the system would give the Apple engineers a false sense of security and maybe even discourage the company from adopting best practices. Yet, social engineering is something such applications are great at stopping and that best practices cannot do anything against - or very little. My answer would therefore be that both are very complementary.
Before wrapping this up, I would like to salute Mark Allan and his excellent ClamXav application, about which we have written. I know Mark works very hard to make this application what it is and I would hope that, should Apple ever consider bundling ClamAV with Mac OS X client for real, they would ask him for his expertise and wisdom.
Disclaimer: I am in no way related to Mark, ClamAV or Mayonnaise producers. I do like the three of them, though, and for very different reasons.


Mac OS X Server already has an implementation of ClamAV in place for its mail filtering. So, a good portion of the work is probably done already...
I'm pretty sure Apple already bundles it with OSX Server for use with postfix (scanning messages for email viruses). So bundling it with the client wouldn't be much of a leap, although they definitely will need more GUI for folks to have that "Mac experience" with it.
I use ClamXAV now and love it, if I could just find instructions for enabling signed updates I'd be happy.
It would be a very smart thing for Apple to do. As a user I really don't view my operating system defending itself from attack as an "add-on" service. It is an essential aspect of the OS, that a user has to pay extra for this as a service is absurd. Kinda like paying extra for "Seat Belts."
The timing is bad right now for Apple to do something like this. Bundling ClamAV would only serve to provide more fodder for those people who equate OSX and Windows security-wise, as they'll just say "if there're no viruses for the mac, why do they ship with an anti-virus." As foolish as that sounds, that would be detrimental to the Apple brand, so it's not worth doing. Of course, they could do it and not publicize it, but I doubt that Apple would go that route either.
My take on ClamXav:
http://www.maccompanion.com/archives/december2005/Shareware/ClamXav.htm
If Apple is going to bundle AV, this sounds like a good one to go with, especially given the other comments. However, it must be easy to turn off completely. Personally, I would never want to use any AV on a Mac, and I sure wouldn't want to suffer the large performance hit from scanning everything going through my system for something I'm not using. Like the firewall, ship it, but turned off. Let users turn it on if it'll make them feel better.
I don't agree Jeremy. Ship all security features (firewall, av, etc) turned on but inform users about how to turn them off and if they do want to turn them off display a warning. For advanced Mac users this may be a slight inconvenience but for a lot of users it will help save them from nasty things. In my view it's better to start out with everything bolted down and then open things up if you want to, rather than everything open (and risking attacks and exploits) and then close it off.