Do Macs get viruses? Do Macs need antivirus software? The answer isn't as simple as it may seem. In this article, we look at the dangers faced by Mac users and the pros and cons of using Mac antivirus software.
We also explore how secure Macs are in comparison to Windows PCs. The Mac has historically been considered to be safe and secure for a number of reasons, but in recent years that has shifted considerably.
As the popularity of the Mac grows and viruses and malware become more advanced, the Mac has become more of a target than it has been in the past. A recent report by Malwarebytes has suggested that Mac malware grew by 270 percent in 2017. We have a complete list of all the Mac viruses, malware and security flaws that have hit the operating system here.
In previous years, Mac users were less vulnerable to malware because there were far more PCs and therefore PCs were a more lucrative target.
On the whole, Macs have remained pretty secure. This is partly thanks to the fact that the Mac operating system is Unix-based, and Unix offers a number of built-in security features.
In addition, Apple itself has included a number of security measures that make attacking a Mac particularly challenging. These include Gatekeeper, which blocks software that hasn’t been digitally approved by Apple from running on your Mac without your agreement.
What is the latest Mac virus?
The latest threat to Macs is OSX/MaMi. As of 17 January 2018, the latest Mac virus is OSX/MaMi. It is similar to a virus called DNSChanger that infected millions of computers in 2012. The issue was first noticed by a Malwarebytes forum user and reported by Hacker News.
The OSX/MaMi malware routes traffic through malicious servers where it can intercept sensitive information.
According to Former NSA hacker Patrick Wardle: "Attackers can perform a variety of nefarious actions such as man-in-the-middleing traffic." It can also take screenshots, generate mouse events, execute commands, and download and upload files, according to BGR.
If you are affected by OSX/MaMi the DNS settings on your Mac will include 220.127.116.11 and 18.104.22.168.
Apparently anti-virus programs can’t detect the program yet. But a firewall could block the traffic.
How Apple protects your Mac from malware
Apple goes to great lengths to protect you from malware by making it almost impossible for you to download it in the first place. The company has built anti-malware protection into macOS. For example, before you can open a file, your Mac will check it against a list of malware, and even if there is no reason for concern it will not allow you to open an application from a developer that it hasn’t already approved.
The Mac's malware scanning tool, Xprotect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac, with the bonus of being written into the operating system and therefore it doesn't hamper the speed of your Mac.
If you download and try to open files contaminated with malware, you may see an explicit warning that the files will "damage your computer", along with a reference to type of malware. You should delete the file immediately.
In addition, macOS blocks downloaded software that hasn't been digitally signed - a process in which Apple approves the developer. This leads to the familiar error message when you try to use or install unsigned software: "[this app] can't be opened because it is from an unidentified developer."
The system at work here is called Gatekeeper and can be controlled via the Security & Privacy section of System Preferences - in Security & Privacy select the General tab and choose from the options underneath Allow Applications Downloaded From. The options include App Store or App Store and Identified Developers.
There used to be an option to disable the feature by choosing 'Anywhere' but this option is no longer available. This doesn't mean you can't open apps that haven't been approved by Apple though - it just means that you will have to tweak some settings in order to do so. (Here's how to open an app from an unidentified developer).
Setting this option to App Store and Identified Developers is the best plan. All software downloaded via the App Store is signed, so you'll only see Gatekeeper warnings with a minority of apps you've downloaded manually. You can bypass its protection when needed - assuming you're sure an app or installation package is safe, just hold down Ctrl, then click it and select Open. This will mark it as being trusted.
Software that is approved by Apple is also Sandboxed, which means apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data and your other apps, so they shouldn't be able to access anything that could allow them to do any damage.
There's also anti-phishing technology in Safari that will detect fraudulent websites. It will disable the page and display an alert warning you if you visit a suspect website.
You'll also notice that plug-ins such as Adobe Flash Player, Silverlight, QuickTime and Oracle Java won't run if they aren't updated to the latest version - another way of ensuring your Mac is safe.
In addition to Gatekeeper, which should keep malware off your Mac, FileVault 2 makes sure your data is safe and secure by encrypting it. Read about how to manage the settings of your Mac to make sure that it is secure here.
How Apple responds to security threats
Despite the security measures Apple has in place, from time-to-time there are threats to the Mac.
Apple has its own security research team, but it depends on users and independent researchers to help by reporting any flaws they find in Apple products.
To this end, Apple has an incentive program that rewards such discoveries with payments of up to $200,000, depending on the seriousness of the flaw. But it was the last major tech company to set up such a scheme. (Microsoft set up its own bug-reporting incentive programme in 2013, and was itself criticised at the time for leaving it so late.)
On 4 August 2016, Apple security boss Ivan Krstic announced the Apple Security Bounty Program. "We've had great help from researchers in improving iOS security all along," Krstic said. "[But] we've heard pretty consistently... that it's getting increasingly difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple."
The top reward is $200,000, given to those who discover vulnerabilities in Apple's secure boot firmware components; for less critical flaws the bounties drop through a series of smaller figures to a bottom tier of $25,000. Wired has the details.
We imagine most Mac users will be pleased to hear that Apple has an incentive programme to encourage more widespread reporting of its vulnerabilities. Incentivising security researchers to let Apple know about a flaw instead of passing it on to hackers (which may still, sadly, be more lucrative) makes Apple products safer for everyone.
One such flaw is the High Sierra root bug, discovered on 28 November 2017. This flaw in macOS 10.13 could allow access to settings on a Mac without the need for a password. Apple immediately issued a statement confirming that it was working on a fix and an update was anticipated to be issued within days (find out about the latest version of macOS here).
We have a guide to protecting your Mac from the High Sierra root bug here.
Why you should keep macOS up-to-date
On the basis that Apple addresses flaws and vulnerabilities with the Mac by issuing updates to the Mac operating system, it is important to keep your Mac up to date. We advise checking regularly for OS updates remains a key part of a sound security strategy.
However, sometimes, albeit rarely, a software update can lead to vulnerabilities - such as the High Sierra root bug mentioned above.
You can find out about the latest version of MacOS here: Latest version of MacOS.
You can set your Mac to automatically update as soon as a new version of the operating system is made available. Follow these instructions to set that up:
- Open System Preferences
- Click on App Store
- Tick the box beside Automatically check for updates.
- You can choose to download the newly available updates, if you want them to install automatically though you need to make sure the box beside Install macOS updates is checked.
If you'd rather not let your Mac automatically update, you should periodically check to see if there is an update to your version of MacOS by visiting the Mac App Store and clicking on Updates. Alternatively, you can follow these instructions:
- Click on the Apple logo to select the Apple menu from the top left of your Mac screen.
- Click on About this Mac.
- Click on Software Update, this will take you straight to the Mac App Store.
You may need to restart your computer once the update has downloaded. You can expect a typical 460MB download to take about 8 minutes (during which time you will still be able to work) but for a large update you will have to restart and install and that could take as much as 20 minutes, bringing the total install time to about 25 minutes in total.
For our in-depth guide to updating Mac operating systems, see How to update macOS.
Is antivirus software necessary for a Mac?
As we've explained above, it's certainly not an essential requirement to install antivirus software on your Mac. Apple does a pretty good job of keeping on top of vulnerabilities and exploits and the updates to the MacOS that will protect your Mac will be pushed out over auto-update very quickly.
However, sometimes Apple doesn't respond as quickly as Mac users might hope. In that case there are some free antivirus apps that might give you some peace of mind.
Beware that due to the fact that people are so concerned about malware threats on the Mac there have been cases of malware actually disguising itself as an antivirus app.
Back in 2011 one of the biggest Mac malware infections was a fake antivirus app called MacDefender.
Another Mac antivirus company that is often thought of as unscrupulous is MacKeeper. There are various reports that suggest it is a scam or at worst malware. However, according to reports, MacKeeper is not a scam, but unfortunately, its aggressive advertising leads many to believe that it is, and perhaps it is unfortunately named (too similar to the fake antivirus app above). There are also complaints that it is difficult to uninstall (and we have a guide to how to uninstall MacKeeper here).
Other ways to protect your Mac from malware
Along with keeping your Mac operating software up to date we advise that you do the following:
Don't connect to public Wi-Fi networks - Beware of connecting to a public Wi-Fi network as there may be someone spying who could gain access to your passwords and other private information, or you could have your session hijacked. Snoopers can set up their own Wi-Fi hotspot, pretending to be your hotel or coffee shop, then once you have connected they can grab any data you send over it. In the past there have been flaws delected in the OS that could allow access to your Mac, such as the SSL error in an earlier version of Mac OS X that meant it was possible for a hacker to access your machine if you were using public WiFi.
Keep Java and Flash up to date on your Mac - Vulnerabilities with Java and Flash have highlighted the fact that there are cross platform threats that even Mac users need to be aware of. Apple blocks Java and Flash by default, leaving it to the user to decide whether to install those tools. From time to time you will discover that Flash video and adverts disappear from your browser, and that Java-based tools stop working, if that happens you will need to install the latest version of those apps.
Avoid falling foul of phishing emails - Protect yourself from phishing attacks not responding to emails that require you to enter a password or install anything. You could also use free software such as BlockBlock or XFence (formerly Little Flocker) installed. That way even you were to carry out the steps to launch the malware, it would not be able to write files or mark itself as launching on startup.