- What is the latest Mac virus?
- How Apple protects your Mac from malware
- New security features in macOS Mojave
- How Apple responds to security threats
- Why you should keep macOS up-to-date
- Is antivirus software necessary for a Mac?
- How to tell if my Mac is infected
- Other ways to protect your Mac from malware
Do Macs get viruses? Do Macs need antivirus software? The answer isn't as simple as it may seem. In this article, we look at the dangers faced by Mac users and the pros and cons of using Mac antivirus software.
We also explore how secure Macs are in comparison to Windows PCs. The Mac has historically been considered to be safe and secure for a number of reasons, but in recent years that has shifted considerably.
As the popularity of the Mac grows and viruses and malware become more advanced, the Mac has become more of a target than it has been in the past. A report by Malwarebytes in March 2018 suggested that Mac malware grew by 270 percent in 2017. (We have a complete list of all the Mac viruses, malware and security flaws that have hit the operating system here.)
In previous years, Mac users were less vulnerable to malware because there were far more PCs and therefore PCs were a more lucrative target. Now there are new threats, such as malware designed to gain access to cryptocurrency, phishing attacks and adware, and we will examine some of these below.
On the whole, Macs have remained pretty secure. This is partly thanks to the fact that the Mac operating system is Unix-based, and Unix offers a number of built-in security features.
In addition, Apple itself has included a number of security measures that make attacking a Mac particularly challenging. These include Gatekeeper, which blocks software that hasn’t been digitally approved by Apple from running on your Mac without your agreement.
However, with malware distributors taking more interest in the Mac, are the built-in protections enough, or should you install antivirus software on your Mac? And if you suspect it is too late and your Mac is already infected, find out how to tell if you have a virus on your Mac below.
What is the latest Mac virus?
As of 1 February 2019, the most recent malware to be identified on the Mac is the CookieMiner malware. It can steal passwords and login credentials from Chrome, obtain browser authentication cookies for cryptocurrency exchanges, and access iTunes backups of text messages to gather the information required to bypass two-factor authentication, gain access to a cryptocurrency wallet and steal cryptocurrency.
The CookieMiner malware is also able to install software on the Mac which can mine cryptocurrency.
Other examples of malware have included the following.
From August 2018 Mac Auto Fixer started popping up on Macs - in the form of suspicious pop-ups that suggested users should install the software to protect their Macs. Rather than being useful software, this was just a means to get people to part with money. Read: What is Mac Auto Fixer.
In May 2018 cryptominer app mshelper was targeting macOS. Infected users noticed their fans spinning particularly fast and their Macs running hotter than usual, an indication that a background process was hogging resources. You can expect such cryptocurrency miners to become more and more prevalent.
Back in February 2018 Macs were threatened by a variant of adware that was infecting Macs via a fake Adobe Flash Player installer. Intego identifies it as the OSX/Shlayer Malware, while Malwarebytes refers to it as Crossrider. The fake Flash Player, which you would have to pick up from a BitTorrent site, according to Intego, installs various apps on your Mac, including: Chumsearch Safari Extension, Advanced Mac Cleaner, MyShopCoupon+, mediaDownloader, and MyMacUpdater.
The best way to protect yourself from the above threats is not to allow the installation of third-party software unless it’s from the App Store or identified developers, as per the Security & Privacy settings that you can access in System Preferences > Security & Privacy > General. If you were to install something from an unknown developer, Apple would warn you to check its authenticity. Read on to find out how Apple protects you from malware.
[We have a complete run down of every Mac virus in this article: List of Mac viruses, malware and security flaws.]
How Apple protects your Mac from malware
Apple goes to great lengths to protect you from malware by making it almost impossible for you to download it in the first place. The company has built anti-malware protection into macOS. For example, before you can open a file, your Mac will check it against a list of malware, and even if there is no reason for concern it will not allow you to open an application from a developer that it hasn’t already approved.
The Mac's malware scanning tool, XProtect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac, with the bonus that it is written into the operating system and therefore doesn't hamper the speed of your Mac.
If you download and try to open files contaminated with malware, you may see an explicit warning that the files will "damage your computer", along with a reference to the type of malware. You should delete the file immediately.
In addition, macOS blocks downloaded software that hasn't been digitally signed - a process in which Apple approves the developer. This leads to the familiar error message when you try to use or install unsigned software: "[this app] can't be opened because it is from an unidentified developer."
The system at work here is called Gatekeeper and can be controlled via the Security & Privacy section of System Preferences - in Security & Privacy select the General tab and choose from the options underneath Allow Applications Downloaded From. The options include App Store or App Store and Identified Developers.
There used to be an option to disable the feature by choosing 'Anywhere' but this option is no longer available. This doesn't mean you can't open apps that haven't been approved by Apple though - it just means that you will have to tweak some settings in order to do so. (Here's how to open an app from an unidentified developer).
Setting this option to App Store and Identified Developers is the best plan. All software downloaded via the App Store is signed, so you'll only see Gatekeeper warnings with a minority of apps you've downloaded manually. You can bypass its protection when needed - assuming you're sure an app or installation package is safe, just hold down Ctrl, then click it and select Open. This will mark it as being trusted.
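Gatekeeper's prompt for a downloaded file depends on the com.apple.quarantine extended attribute, which records the download and whether the user has already approved opening it. The script below is an added example, not code from the original article or from Apple; the function names and sample values are constructed, and it assumes the flag layout in Apple's quarantine.h.

```shell
#!/bin/sh
# Added example: decode the com.apple.quarantine attribute that Gatekeeper reads.
# On a Mac, the raw value for a file comes from:
#   xattr -p com.apple.quarantine "/path/to/Some.app"
# Value layout: flags(hex);download time(hex Unix epoch);agent;event UUID

QTN_USER_APPROVED=64   # 0x0040, QTN_FLAG_USER_APPROVED in Apple's quarantine.h

is_hex() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
        *) return 0 ;;
    esac
}

# parse_quarantine VALUE
# Prints "approved=<yes|no> agent=<name> epoch=<seconds>"; returns 1 on bad input.
parse_quarantine() {
    value=$1
    case "$value" in
        *\;*\;*) ;;            # need at least flags;time;agent
        *) return 1 ;;
    esac
    flags=${value%%;*};  rest=${value#*;}
    stamp=${rest%%;*};   rest=${rest#*;}
    agent=${rest%%;*}
    is_hex "$flags" && is_hex "$stamp" || return 1

    if [ $(( 0x$flags & $QTN_USER_APPROVED )) -ne 0 ]; then
        approved=yes           # user has already approved opening this download
    else
        approved=no            # Gatekeeper will still prompt on first open
    fi
    printf 'approved=%s agent=%s epoch=%s\n' "$approved" "$agent" "$(( 0x$stamp ))"
}

# Constructed sample values (not taken from a real machine).
SAMPLE_FRESH='0083;5c000000;Safari;00000000-0000-4000-8000-000000000001'
SAMPLE_APPROVED='00c3;5c000000;Safari;00000000-0000-4000-8000-000000000001'

for v in "$SAMPLE_FRESH" "$SAMPLE_APPROVED"; do
    parse_quarantine "$v"
done
```

A file with no com.apple.quarantine attribute at all was either not downloaded through a quarantine-aware app or has had the attribute removed, which is worth noting when reviewing software of unknown origin.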
Software that is approved by Apple is also Sandboxed, which means apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data and your other apps, so they shouldn't be able to access anything that could allow them to do any damage.
There's also anti-phishing technology in Safari that will detect fraudulent websites. It will disable the page and display an alert warning you if you visit a suspect website.
You'll also notice that plug-ins such as Adobe Flash Player, Silverlight, QuickTime and Oracle Java won't run if they aren't updated to the latest version - another way of ensuring your Mac is safe.
In addition to Gatekeeper, which should keep malware off your Mac, FileVault 2 makes sure your data is safe and secure by encrypting it. Read about how to manage the settings of your Mac to make sure that it is secure here.
New security features in macOS Mojave
New password features in macOS Mojave include:
- Strong password suggestions will appear in Safari when you open an account on a website. This strong password will be saved in your iCloud Keychain so that you won't have to remember it. It's a lot safer than using the same password you always use.
- Safari can also automatically insert codes received via SMS into the appropriate fields on a website.
- Safari will also limit Fingerprinting - which is the way a website can recognise you based on information advertisers have about you. Fingerprinting enables advertisers to target ads at you. In Safari 12 Intelligent Tracking Protection stops cookies following you around the web.
- There are also new permissions dialogs that will appear whenever software is attempting to control your Mac or access a particular function (for example the camera or microphone). It's similar to how things work on iOS.
Additionally, if you have a 2018 MacBook Air, 2018 MacBook Pro, or an iMac Pro the T2 chip will handle various security features including Touch ID.
How Apple responds to security threats
Despite the security measures Apple has in place, from time-to-time there are threats to the Mac.
Apple has its own security research team, but it depends on users and independent researchers to help by reporting any flaws they find in Apple products.
To this end, Apple has an incentive program that rewards such discoveries with payments of up to $200,000, depending on the seriousness of the flaw. But it was the last major tech company to set up such a scheme. (Microsoft set up its own bug-reporting incentive programme in 2013, and was itself criticised at the time for leaving it so late.)
On 4 August 2016, Apple security boss Ivan Krstic announced the Apple Security Bounty Program. "We've had great help from researchers in improving iOS security all along," Krstic said. "[But] we've heard pretty consistently... that it's getting increasingly difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple."
The top reward is $200,000, given to those who discover vulnerabilities in Apple's secure boot firmware components; for less critical flaws the bounties drop through a series of smaller figures to a bottom tier of $25,000. Wired has the details.
We imagine most Mac users will be pleased to hear that Apple has an incentive programme to encourage more widespread reporting of its vulnerabilities. Incentivising security researchers to let Apple know about a flaw instead of passing it on to hackers (which may still, sadly, be more lucrative) makes Apple products safer for everyone.
One such flaw was the High Sierra root bug, discovered on 28 November 2017. This flaw in macOS 10.13 could allow access to settings on a Mac without the need for a password. Apple immediately issued a statement confirming that it was working on a fix and an update was anticipated to be issued within days (find out about the latest version of macOS here).
We have a guide to protecting your Mac from the High Sierra root bug here.
Why you should keep macOS up-to-date
Because Apple addresses flaws and vulnerabilities with the Mac by issuing updates to the Mac operating system, it is important to keep your Mac up to date. Checking regularly for OS updates remains a key part of a sound security strategy.
However, sometimes, albeit rarely, a software update can lead to vulnerabilities - such as the High Sierra root bug mentioned above.
You can find out about the latest version of MacOS here: Latest version of MacOS.
You can set your Mac to automatically update as soon as a new version of the operating system is made available. Follow these instructions to set that up:
How to automatically install Mojave software update:
- Open System Preferences.
- Click on Software Update.
- Tick the box beside Automatically keep my Mac up to date.
- Or, click on Advanced and choose which of the following to do automatically: Check for updates, Download new updates when available, Install macOS updates and Install app updates from the App Store.
How to automatically install High Sierra software update:
- Open System Preferences.
- Click on App Store.
- Tick the box beside Automatically check for updates.
- You can choose to download the newly available updates. If you want them to install automatically, though, you need to make sure the box beside Install macOS updates is checked.
How to manually install macOS software updates:
If you'd rather not let your Mac automatically update, you should periodically check to see if there is an update to your version.
- In High Sierra and earlier you can go to the Mac App Store and check for updates.
- In Mojave you need to go to the Software Update pane in System Preferences.
You may need to restart your computer once the update has downloaded. You can expect a typical 460MB download to take about 8 minutes (during which time you will still be able to work), but for a large update you will have to restart and install, and that could take as much as 20 minutes, bringing the total install time to about 25 minutes.
For our in-depth guide to updating Mac operating systems, see How to update macOS.
Is antivirus software necessary for a Mac?
As we've explained above, it's certainly not an essential requirement to install antivirus software on your Mac. Apple does a pretty good job of keeping on top of vulnerabilities and exploits, and the macOS updates that protect your Mac are pushed out over auto-update very quickly.
However, sometimes Apple doesn't respond as quickly as Mac users might hope. In that case, there are some free antivirus apps that might give you some peace of mind.
Beware that, because people are so concerned about malware threats on the Mac, there have been cases of malware actually disguising itself as an antivirus app. Most recently, Mac Auto Fixer pop-ups have appeared suggesting that software needs to be installed (at a high price). This is similar to another fake antivirus app called MacDefender, which has been doing the rounds for some time.
Another Mac antivirus company that is often thought of as unscrupulous is MacKeeper. There are various reports that suggest it is a scam or at worst malware. However, according to reports, MacKeeper is not a scam, but unfortunately, its aggressive advertising leads many to believe that it is, and perhaps it is unfortunately named (too similar to the fake antivirus apps above). There are also complaints that it is difficult to uninstall (and we have a guide to how to uninstall MacKeeper here).
How to tell if my Mac is infected
Look out for the following signs that your Mac has been infected with malware:
- Aggressive web page banners and browser pop-ups recommending software.
- Web page text turning into hyperlinks.
- Programs appearing that you haven't authorised.
- Mac crashes.
- Mac runs hot.
- Mac speeds up for no reason.
If you think something suspicious is happening, open Activity Monitor and click on the CPU tab. Check what software is running - especially if something is hogging a lot of your resources.
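The same check can be made from Terminal, which helps when a resource-hogging background process like the mshelper miner described earlier has no window to spot. The script below is an added example, not from the original article; the function name, the location hint and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes at or above a CPU threshold, highest first.
# Live use on a Mac (the "=" suppresses the header row):
#   ps -Ao pcpu=,pid=,comm= | cpu_hogs 50

# cpu_hogs THRESHOLD  (reads "pcpu pid command" lines on stdin)
# Prints: cpu <TAB> pid <TAB> hint <TAB> command
# hint is "known-location" for system and /Applications paths, else "review".
# The location hint is an assumption of this example for triage only:
# malware can also sit in /Applications, so it is not a verdict.
cpu_hogs() {
    awk -v t="$1" '
        $1 + 0 >= t + 0 {
            cmd = $0
            # Drop the pcpu and pid columns; keep the command, spaces included.
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
            hint = "review"
            if (cmd ~ /^\/(System|Applications|usr|sbin|bin)\//) hint = "known-location"
            printf "%s\t%s\t%s\t%s\n", $1, $2, hint, cmd
        }' | LC_ALL=C sort -rn
}

# Constructed sample in the shape of `ps -Ao pcpu=,pid=,comm=` output.
SAMPLE_PS='  0.3   312 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
 12.5   540 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
 98.7  4242 /Users/Shared/example-helper/example-helper
 61.0   777 /usr/sbin/example-daemon'

printf '%s\n' "$SAMPLE_PS" | cpu_hogs 50
```

A single reading can be misleading, so run it a few times over several minutes and look for a process that stays near the top while you are not doing anything demanding.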
Other ways to protect your Mac from malware
Along with keeping your Mac operating software up to date we advise that you do the following:
Don't connect to public Wi-Fi networks - Beware of connecting to a public Wi-Fi network as there may be someone spying who could gain access to your passwords and other private information, or you could have your session hijacked. Snoopers can set up their own Wi-Fi hotspot, pretending to be your hotel or coffee shop, then once you have connected they can grab any data you send over it. In the past there have been flaws detected in the OS that could allow access to your Mac, such as the SSL error in an earlier version of Mac OS X that meant it was possible for a hacker to access your machine if you were using public WiFi.
Keep Java and Flash up to date on your Mac - Vulnerabilities with Java and Flash have highlighted the fact that there are cross-platform threats that even Mac users need to be aware of. Apple blocks Java and Flash by default, leaving it to the user to decide whether to install those tools. From time to time you will discover that Flash video and adverts disappear from your browser, and that Java-based tools stop working. If that happens, you will need to install the latest version of those apps. And speaking of Flash and Java: be careful where you download updates from!
Avoid falling foul of phishing emails - Protect yourself from phishing attacks by not responding to emails that require you to enter a password or install anything. You could also install free software such as BlockBlock or XFence (formerly Little Flocker). That way, even if you were to carry out the steps to launch the malware, it would not be able to write files or mark itself as launching on startup.
Don't fall for Facebook scams - Facebook scams are usually designed to harvest data about the most gullible people, so if it seems like it might be too good to be true it probably is, and you'd be wise not to share it on Facebook. At best you might just look silly and those scammers will start to target you with more scams; at worst scammers can access your personal data and that of those you share their post with. So don't click on a link just because a friend shared it, and definitely don't give out your personal data on Facebook.