Macenstein

Reviewing Anti-Virus software for the Mac has always been a bit tricky. Macs have a well-deserved reputation for having pretty much 0 viruses under OS X (in the wild, anyway), so in general the thing most reviewers end up focusing on is whether or not the anti-virus software is annoyingly obtrusive to daily life (this is a huge problem on the PC-side of things with constant pop-ups, alerts, and attempts to up-sell you to the next tier or protection). So imagine my surprise and joy when after installing and running Intego’s VirusBarrier X5 on my brand new MacBook Pro, it discovered I actually had a virus!

Above: When a virus is detected, it is pretty obvious.

That’s right, I was actually happy to find that my system had a real life, honest to goodness virus – for two reasons, actually. First, I now had a legitimate way to verify that VirusBarrier does indeed do its job. I had assumed I would hit “Scan”, have it find nothing, and have to say “Well, I guess it works fine”. But secondly, and most importantly to the Apple fanboy in me, the virus it discovered was a WINDOWS executable that hearkened all the way back to 2001 when I used Microsoft’s Entourage e-mail client.

Above: A virus? On a Mac?!? Oh Wait, it’s a Windows virus.

Apparently as I upgraded from my original G4 PowerMac, to my MacBook, and now my MacBook Pro, I had just been copying over all my old documents and settings, including the Microsoft user data folder. Inside was a “joke” e-mail message I had been mass-forwarded by some idiot or another, and it contained a Windows executable file. Usually when I get these I just delete them, since even if it were a legitimate (and no doubt hilarious) .EXE attachment (if there is such a thing) I couldn’t view it on my Mac even if I wanted to. But apparently I let this one slide, and it sat in my Entourage junk folder for 7 years, infecting nothing, but there nonetheless.

The virus it found was called W32.Joke.Stupen.C, and was tacked onto the file Rumor.EXE , which appears to be a known virus of old.

Above: Behold “The Orb”

OK, so now that we know that it works, on to the traditional Mac-virus software question, “Is it annoyingly obtrusive?”. Happily, the answer is “no”. In fact, it sort of makes virus scanning fun.

As soon as you install VirusBarrier X5 (and restart your system), it begins protecting your Mac automatically in the background from all new incoming viruses. It will automatically scan e-mails, as well as any file you open, save, or create. But it does not automatically scan you entire system. For that, you need to launch the application an initiate a manual scan (or set up a scheduled scan).

Above: The outer ring serves as a progress bar, letting you know approximately how much longer you have to wait. Of course, the giant percentage numbers help too.

After launching, you will be greeted by VirusBarrier’s somewhat unusual GUI – the most striking area being “The Orb”. This giant green ball in the center is where much of the scanning feedback is delivered. The ring on the outer edge of the Orb provides a circular progress bar, and in the center you will receive a numerical progress percentage update, as well as see which files are being scanned. From this main screen you can select the drives or folders you would like to scan, setup scanning schedules of specific drives or folders, as well as see if any viruses have been detected and get an idea of how much system resources VirusBarrier is consuming. However the first thing you will want to do is hit the “Check Now” button on the top right of the screen to see if there are new virus definitions (the version I downloaded came with October definitions, but found some new December ones). Keeping up to date with virus definitions is important obviously from a protection standpoint, but it’s also important because of the way VirusBarrier scans for viruses.

The first time you run a virus scan, VirusBarrier will scan you entire system (assuming you leave the defaults set), including any attached drives. This initial scanning can take many hours, but once it has completed, all future scans will only scan files which have been added or modified since the last scan– sort of like how Time Machine backs up files. This means all future scans will complete in a fraction of the time that the original scan took. However, each time you download a new set of virus definitions, you’ll want to initiate a new manual scan of the system to make sure you do not have any newly discovered viruses.

Above: Odds are right now you don’t have to worry about iPhone viruses just yet, but it’s nice to know VirusBarrier can scan it anyway.

Performance

During the initial full system scan, I did notice a performance hit. Apps, like Mail took longer to open large mailboxes and display messages, and I had a few beachballs even though Activity Monitor showed Virus Barrier was not really using much in the way of system resources. However, after that scan completed (about 2 hours) the system went back to normal. The “Real-Time” scanning feature does not seem to dish out any noticeable performance penalty, so I am keeping it running 24/7 for now.

Above: Select what you’d like to scan.

Features

VirusBarrier X5 has some pretty slick features in addition to being able to catch 7 year-old Windows viruses. First, while viruses may not be a big problem on the Mac, Boot Camp users who occassioanlly run Windows on their Macs will be happy to know VB can scan their Boot Camp partition, as well as Windows files running under VMware Fusion or Parallels. For the non-Windows users, file corruption is a more real threat (although, again, not as much as on Windows) and VirusBarier can detect file corruption in addition to viruses and prompt you for action. When VirusBarrier detects a virus, the giant green “ORB” in the center will turn red – when it detects a file with data corruption, it turns yellow. You can set up what action VB should to take when viruses and corruption are detected, such as alert, repair, or quarantine.

VB also supports network scanning of mounted drives, as well as scanning the files of all users on a computer (although you will need an administrator’s password to take any “repair” action).

Above: You can customize which drives, folders, and files get scanned and when

You can set VirusBarrier to scan specific drives, folders, or even files, at set times. The scheduling interface is very intuitive, and reminiscent of Mail’s rules. Speaking of Mail, you can set up VirusBarrier to e-mail you if it should detect a virus, a useful feature for a system administrator (this “send e-mail alert” feature only works with Apple’s e-mail program, but VBX5 will scan any incoming and outgoing e-mail messages no matter what e-mail client you use).

If there is a particular file you are suspicious of, you can drag and drop that file onto the VirusBarrier icon in the dock, or onto the Orb if the app is open, and scan it. If it comes up clean, but you are still suspicious, VirusBarrier installs a contextual menu that allows you to right click on a file and choose to send it to Intego to have them test it, a really cool feature. If it turns up positive for a virus, it will be added to the next round of virus definitions, and help entire VirusBarrier community.

iPhone scanning?

Probably the only platform with less viruses than the Mac is the iPhone, yet Intego has decided to add iPhone and iPod touch scanning to the long list of Virus Barrier’s features. Given Apple’s tight controls over loading apps via the iTunes store, this may be of more use to the jailbreaking crowd who go through less stringent app approval process. When docked, the iPhone shows up as another device in the “Select” window. When scanning an iPhone or iPod touch, VirusBarrier X5 copies all the files contained on the device to the user’s startup volume in order to verify their security. If any malware or infected files are found, VirusBarrier X5 alerts the user and offers to repair or delete the infected files. This copying can take quite awhile, especially on a 16 GB model full of files, but given just how much personal data is on my iPhone, I figure it might not be a bad thing to do once every couple months or so. This might be a gimmick now, but could be useful in a year or so as the platform evolves.

Issues

Really the only issue I have with VirusBarrier turned out to not really be much of an issue at all. Because Apple manages Time Machine backups through a private, undocumented framework, VirusBarrier is unable to directly scan the files inside a Time Machine backup. When scanning a Time Machine volume, the scan takes about 2 seconds, as it only sees 1 file, not the entire 1,650,000 file contents of the backup. However, the work around is that, assuming you leave VB’s Real-Time scanning on, it will scan any file as it is copied to or FROM a Time Machine backup. So if, like me, you found you had a virus on your system, and realized it likely got backed up onto your Time Machine backup, you need not worry. If you ever restore the file, VB will catch it. Of course, that doesn’t mean I didn’t freak out knowing I had a virus on my Time Machine archive. 🙂 So I deleted my Time Machine backup and started over (hey, the computer’s only a week old anyway).

Above: VirusBarrier cannot scan Time Machine backups, but it’s not a big deal

Conclusion

Intego’s VirusBarrier X5 lives up to its claim of providing complete, unobtrusive virus protection for your Mac. While the need for Mac Virus protection is still debatable for most users, Mac users running Windows under Boot Camp, VMware Fusion or Parallels have reason to genuinely be concerned, and as Mac users there’s still something comforting about having something there to back up our smugness. The powerful scheduling features, e-mail alerts, corruption scanning, and iPhone scans all make VirusBarrier a great choice for your anti-virus needs (real or imagined).

Price: $69.95 – yearly virus definitions ($29.95)
Pros: Fast, unobtrusive virus protection for your Mac, iPhone scanning, e-mail notification, File corruption detection, protection for Boot Camp volumes and Windows running under virtualization
Cons: Non significant