A few years back, if someone had asked me whether their Mac needed an antivirus, I would have said “Are you joking? Dude, the Mac is so secure I don’t think even God himself could infiltrate it with a virus” (yes, those would have been my exact words).
But with the rising popularity of the Mac, hackers and other cybercriminals have started to target macOS as their exotic destination for chaos too.
Surprisingly, despite all these challenges, Apple has stood its ground and made sure macOS can retain its tag as the most secure OS.
So here’s everything you need to know to protect your Mac from viruses and other malware.
Do I Need An Antivirus Software For My Mac?
The Mac comes with many built-in security features to keep it safe. The reason macOS is so secure is that it is based on a Unix kernel (which is itself very secure).
Unix is also the predecessor of popular operating systems like BSD and Linux. All these OSes are known for their reliability and security, thanks to a robust permissions system.
Take a look at how Macs are protected.
The Mac also comes with a built-in anti-malware scanner called XProtect, a proprietary technology created by Apple.
XProtect scans and checks every file against the known macOS malware definitions. If it finds something suspicious, it flags the file and shows a warning.
These malware definitions are updated along with the system updates.
By now, you must be well versed with a character called Heimdall from the Thor movies. He is the protector of the nine realms and keeps watch over the Bifrost.
If you’re not a comic-book person, then in simple words he is like the security guard of a big corporate office. The Mac also comes with built-in software to protect itself from unknown applications. The name of that software is Gatekeeper (yes, that’s the name, how original).
Gatekeeper blocks applications that are neither downloaded from the Mac App Store nor signed with an Apple-issued developer certificate. Sadly, developers who create free, open-source apps won’t have such a certificate if they haven’t joined the Apple Developer Program.
Such apps will also be blocked by Gatekeeper. If you trust an unsigned app, you can go to System Preferences > Security & Privacy and click “Open Anyway” after you attempt to open the app.
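Before clicking “Open Anyway”, it helps to know exactly what Gatekeeper concluded and why. The script below is an added example (not from the original post and not an Apple tool): it reads the download’s `com.apple.quarantine` attribute with `xattr`, asks Gatekeeper for its verdict with `spctl --assess --type execute -vv`, and turns both into one recommendation. The output formats it parses (the `flags;hextimestamp;agent;uuid` quarantine value and the `<path>: accepted|rejected` plus `source=`/`origin=` lines from `spctl`) are the real ones, but the sample values in the comments are constructed. The parsers are kept separate from the tool calls so they can be exercised on any platform.

```python
"""Pre-flight check of a downloaded app: quarantine flag and Gatekeeper verdict.
Added example; parsing is kept separate from the macOS tool calls so it can run anywhere."""
import subprocess
import sys
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class QuarantineInfo:
    flags: int                       # raw flag bits set by the downloading app
    downloaded_at: Optional[datetime]
    agent: str                       # app that downloaded the file, e.g. Safari


def parse_quarantine(raw: str) -> QuarantineInfo:
    """Parse a com.apple.quarantine value: 'hexflags;hextimestamp;agent;uuid'.
    Constructed sample: '0083;5f3a1b2c;Safari;CONSTRUCTED-UUID'."""
    parts = raw.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {raw!r}")
    try:
        stamp: Optional[datetime] = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    except ValueError:
        stamp = None
    return QuarantineInfo(flags=int(parts[0], 16), downloaded_at=stamp, agent=parts[2])


@dataclass
class GatekeeperVerdict:
    accepted: bool
    source: str   # e.g. 'Notarized Developer ID', 'Mac App Store', 'no usable signature'
    origin: str   # signing identity line, when spctl prints one


def parse_spctl(output: str) -> GatekeeperVerdict:
    """Parse 'spctl --assess --type execute -vv' output: the first line is
    '<path>: accepted' or '<path>: rejected', followed by key=value lines."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if not lines or ":" not in lines[0]:
        raise ValueError("no verdict line in spctl output")
    verdict = lines[0].rsplit(":", 1)[1].strip()
    fields = dict(ln.split("=", 1) for ln in lines[1:] if "=" in ln)
    return GatekeeperVerdict(accepted=(verdict == "accepted"),
                             source=fields.get("source", "").strip(),
                             origin=fields.get("origin", "").strip())


def advise(quarantine: Optional[QuarantineInfo], verdict: GatekeeperVerdict) -> str:
    """Combine the two results into a one-line recommendation."""
    if not verdict.accepted:
        return f"blocked: Gatekeeper rejects this app ({verdict.source or 'no reason given'})"
    if quarantine is None:
        # Files fetched without a quarantine flag (e.g. via curl) are never shown the Gatekeeper prompt.
        return "review: signature accepted, but no quarantine flag, so Gatekeeper never checked this copy on open"
    return f"ok: accepted ({verdict.source}), downloaded by {quarantine.agent}"


def _run(cmd):
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def assess_app(app_path: str) -> str:
    """Run the real macOS tools against an .app bundle and return the advice line."""
    if sys.platform != "darwin":
        raise RuntimeError("xattr and spctl are macOS tools")
    raw = _run(["xattr", "-p", "com.apple.quarantine", app_path])
    quarantine = parse_quarantine(raw) if ";" in raw else None   # missing attribute prints an error instead
    verdict = parse_spctl(_run(["spctl", "--assess", "--type", "execute", "-vv", app_path]))
    return advise(quarantine, verdict)


if __name__ == "__main__":
    print(assess_app(sys.argv[1]))   # usage: python3 check_app.py /Applications/Example.app
```

The “review” branch is the one worth remembering: a copy of an app that arrived without the quarantine attribute is never stopped by Gatekeeper when you open it, even though `spctl` would still tell you whether its signature is acceptable.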
Apple also has built-in security measures for apps that come from the Mac App Store or carry an Apple-issued developer certificate.
Such apps are executed in a secure environment called the sandbox, which allows them to perform their purpose and nothing else.
When you run an app in a sandbox, you limit what it can do and grant additional permissions as needed.
System Integrity Protection (SIP) protects the most vulnerable parts of your Mac, including system directories.
Apple prevents apps from accessing these areas, thus limiting the amount of damage rogue software can cause.
SIP also protects preinstalled apps, like Safari and Finder, from malicious code injection so that the application’s behavior is not modified.
Malicious Ghosts of the Macs Past
All the security features mentioned above protect your Mac from attacks, but the bitter reality is that no platform is immune. New instances of macOS malware are discovered every year.
Many of these go undetected by Apple’s security, either by design or by exploiting a security flaw.
A few known malware attacks are:
- OSX/Shlayer – OSX/Shlayer (also known as Crossrider) is a type of adware that infects Macs via a fake Adobe Flash Player installer. This fake Flash Player, which people downloaded through a BitTorrent site, installed various dangerous apps on the Mac. A few of these apps are Chumsearch Safari Extension, Advanced Mac Cleaner, MyShopCoupon+, mediaDownloader, and MyMacUpdater.
- OSX/CrescentCore – OSX/CrescentCore is a type of malware that was discovered in 2019. It disguised itself as an Adobe Flash Player installer disk image. This malware installed additional apps like Advanced Mac Cleaner, a LaunchAgent, or a Safari extension, and then exploited unprotected machines. OSX/CrescentCore was difficult for Apple to catch, as it was signed with a developer certificate.
- OSX/Linker – I previously mentioned how certain malware takes advantage of a security flaw. OSX/Linker, discovered in 2019, is one such example: it took advantage of a “zero-day” flaw in Gatekeeper. OSX/Linker was able to slip past Gatekeeper because Apple hadn’t patched the security flaw (which was first reported earlier the same year).
- OSX/Keydnap – OSX/Keydnap is a type of malware that infected the popular BitTorrent client Transmission. It stole login details from the system keychain and created a backdoor for future access to the system. Like OSX/CrescentCore, this too was not detected by Gatekeeper, as it was signed with a legitimate certificate.
- LoudMiner – LoudMiner was a cryptocurrency miner that was discovered in Ableton Live 10. It installed virtualization software that ran a Linux virtual machine and used system resources to mine cryptocurrency.
All the above examples concerned the software side of the Mac, but in one case even the hardware of the Mac was compromised.
Back in 2018, it was discovered that all Mac CPUs sold in the last two decades had some serious security flaws. These flaws, known as Spectre and Meltdown, allowed attackers to access parts of the system that were supposed to be protected.
Apple later patched its OS against Spectre and Meltdown.
Even though Apple has a very strict review process for apps that are to be hosted on its App Store, there are a few cases where certain apps managed to pass through it.
A few of these malicious apps are Adware Doctor, Open Any Files, and Dr. Cleaner. All these apps disguised themselves as legitimate anti-malware software.
- However, they sent information like browsing history and currently running processes to servers in China. As these apps came from the Mac App Store, Gatekeeper allowed them to run without any additional checks.
- Thanks to the sandboxing rules, the apps were not able to harm the system, but they were able to steal information, which is still a major security breach.
These are a few examples of macOS security problems in recent years. Even though Apple patched its OS against all the above threats, the damage caused to users was still significant.
How You Can Reduce Your Risk of Infection
- Make sure your Mac is up to date – First and foremost, keep your Mac up to date. As mentioned above, Apple releases various patches to protect the Mac from security vulnerabilities. To update your system, just go to System Preferences > Software Update to check for updates. You can also enable the setting to install updates automatically.
- Do not download apps from unknown sources – Most of the time your Mac gets infected because you downloaded an application from an unknown source. Make sure the application you’re downloading either comes from the Mac App Store or is signed with a legitimate developer certificate. Even if you’re planning to install an unsigned app, do make sure the source is trustworthy.
- Be careful when connecting to public Wi-Fi networks – Man-in-the-middle attacks usually occur over public hotspots, and these attacks can allow cybercriminals to spy on your traffic. So if you’re planning to connect to a public network, make sure you do it through a VPN.
- Avoid any suspicious emails – Sometimes hackers also send email attachments that contain malware. It’s always good to verify the authenticity of the sender before opening such emails.
Which Mac Security Software Should You Install?
Even though Apple says you do not need a third-party antivirus, it is always good to keep a backup in case Apple hasn’t patched its OS or Gatekeeper has allowed some rogue application through.
A third-party antivirus might sound unnecessary by Apple’s standards, but you never know when your Mac might get infected by malware or a virus. To start with a basic malware removal tool, you can install Malwarebytes.
The free version of Malwarebytes will scan your Mac for malware and remove anything it finds. If you want real-time protection, you can go for Malwarebytes Premium.
These are some of the best-known security tools for the Mac.
How do I know if my Mac is infected?
Well, there are some sure signs you might notice on your Mac if it’s infected with a virus. Normally, if your Mac has been infected, it would act in the following ways:
- Your Mac would be slower than normal; this could be a sign of someone using your system to run a DDoS attack.
- You would begin to receive security alerts, even though you have not scanned your system yet.
- The browser’s homepage would be different from how it was earlier. Here you might notice a couple of new tabs or icons, which would indicate that your browser has been infected.
- Your Mac would bombard you with unwanted ads.
- There are times when you might not be able to access your personal information or system settings. This might be due to ransomware or other malware that has attacked your Mac.
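The signs above are symptoms; a more concrete check is to look at what your Mac has been told to run at login. Several of the malware families listed earlier (OSX/CrescentCore among them) persisted through a LaunchAgent, so auditing the launchd job folders is a useful habit. The script below is an added example, not from the original post and not an Apple tool: it reads every `.plist` in the standard LaunchAgents/LaunchDaemons folders with Python’s `plistlib` and flags jobs whose program lives in a hidden or temporary directory, whose label imitates `com.apple.*` while the program sits outside Apple’s paths, or whose program is outside the usual app locations. The heuristics are my own choices, and the three sample jobs in `SAMPLE_JOBS` are constructed so the script can be tried without a real infection.

```python
"""Audit launchd persistence entries (LaunchAgents/LaunchDaemons) for patterns
adware and trojans commonly use. Added example; heuristics are the author's own."""
import os
import plistlib
import tempfile
from pathlib import Path, PurePosixPath
from typing import Dict, List, Optional

# Real macOS locations that launchd loads jobs from.
LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]
# Where legitimate programs normally live, and where they normally should not.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/", "/Applications/")
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/", "/Users/Shared/")


def program_path(job: dict) -> Optional[str]:
    """launchd runs either Program or ProgramArguments[0]."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else None


def audit_job(job: dict) -> List[str]:
    """Return human-readable findings for one launchd job dictionary (empty list = nothing odd)."""
    findings: List[str] = []
    prog = program_path(job)
    if prog is None:
        return ["no Program or ProgramArguments"]
    if any(part.startswith(".") for part in PurePosixPath(prog).parts):
        findings.append("program in hidden directory")
    if prog.startswith(TEMP_PREFIXES):
        findings.append("program in temporary/shared location")
    label = str(job.get("Label", ""))
    if label.startswith("com.apple.") and not prog.startswith(("/System/", "/usr/", "/Library/Apple/")):
        findings.append("Apple-style label but program outside Apple paths")
    if not prog.startswith(TRUSTED_PREFIXES):
        findings.append("program outside standard app locations (review)")
    return findings


def audit_dirs(dirs: List[str]) -> Dict[str, List[str]]:
    """Scan every .plist in the given directories; return only entries with findings."""
    report: Dict[str, List[str]] = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for plist in sorted(Path(d).glob("*.plist")):
            try:
                with open(plist, "rb") as fh:
                    findings = audit_job(plistlib.load(fh))
            except (plistlib.InvalidFileException, ValueError) as exc:
                findings = [f"unparseable plist: {exc}"]   # a broken plist is itself worth a look
            if findings:
                report[plist.name] = findings
    return report


# Constructed sample jobs (not real malware): two suspicious, one benign.
SAMPLE_JOBS = {
    "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
                                  "ProgramArguments": ["/Users/Shared/.cache/updater", "--daemon"]},
    "com.apple.lookalike.plist": {"Label": "com.apple.lookalike", "RunAtLoad": True,
                                  "KeepAlive": True, "Program": "/tmp/.hidden/agent"},
    "com.example.benign.plist": {"Label": "com.example.benign", "RunAtLoad": True,
                                 "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"]},
}


def demo() -> Dict[str, List[str]]:
    """Write the constructed jobs to a temporary folder and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in SAMPLE_JOBS.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(job, fh)
        return audit_dirs([tmp])


if __name__ == "__main__":
    # On a Mac, audit the real folders; elsewhere, run the constructed demo.
    report = audit_dirs(LAUNCHD_DIRS) if os.path.isdir("/Library/LaunchDaemons") else demo()
    for name, reasons in report.items():
        print(f"{name}: {'; '.join(reasons)}")
```

A finding is a prompt to investigate, not a verdict: plenty of legitimate updaters register a LaunchAgent, so the “review” finding on its own is low priority, while a hidden or temporary program path combined with an Apple-lookalike label is the pattern worth acting on.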
To summarize, installing an antivirus is entirely up to you. If you feel it’s a necessity, you can install one as a safety measure. Make sure the antivirus you choose doesn’t slow down your Mac.
Also, do watch out for fake antiviruses online. Most of these are malware disguised as legitimate software. Remember that you can always keep your Mac safe by following the basic security practices mentioned above.
Apple does a pretty good job of protecting your Mac with its constant updates and its built-in security tools.