Do Macs get viruses? | Do Macs need antivirus software: Why you (probably) need antivirus software for your Mac, and our Mac security FAQs

Do Macs get viruses? And do Macs need antivirus software? macOS is inherently secure, but after various flaws and attacks in recent years – including scam websites and the SSL bug/Gotofail error – Mac users are understandably concerned. We explain why you (probably) need antivirus software for your Mac, and offer simple steps you can take to tighten up your Mac’s security.

Are Macs secure? And if they are, do I really need to buy antivirus software for my Mac?

Do Macs get viruses? Do Macs need antivirus software? The short answers are yes (and no), and yes (and no). In this article we look at the dangers faced by Mac users, and the pros and cons of using Mac antivirus software.

The Mac is generally considered to be safe and secure, and there are a number of reasons why Macs are considered more secure than PCs. Malware writers are less likely to target Mac users because of the perception that the Mac has a far smaller market share than Windows. There is also the fact that the Mac operating system is Unix-based, and Unix offers a number of security features built in.

In addition, Apple has included a number of security measures that make attacking a Mac particularly challenging. These include Gatekeeper, which blocks any software that hasn’t been digitally signed and approved by Apple from running on your Mac without your agreement.

However, there are still risks and from time to time Macs have become targets. We outline some of the attacks below.

Updated, 24 February 2017, with news of the Xagent malware, OSX/Pirrit, a MacDownloader malware campaign targeting Mac users via a fake Adobe Flash update, and a malicious macro found in Word.

Do Macs get viruses, and other Mac security FAQs: Do Macs get attacked by viruses and malware?

Yes, they do. Numerous Mac viruses and Mac-specific attacks have been documented.

But let’s be clear, first of all, that Macs are indisputably more secure than Windows PCs. The Mac operating system is Unix-based, and Unix offers a number of security features built in, like the way that executable code and data are stored in separate folders. (This is why deleting an app on a Mac is so simple.) In addition, Apple has included a number of security measures that make attacking a Mac particularly challenging, including Gatekeeper, which blocks any software that hasn’t been digitally signed and approved by Apple. If you try to open an app by a developer that Apple hasn’t verified you will see the message: “[This app] can’t be opened because it is from an unidentified developer.”

Since Macs represent a smaller and more challenging target, it’s inevitable that a lot less malware is written for the Mac than for the PC. But there is Mac malware out there, and some of it is dangerous. We’ll look at some of the more noteworthy Mac attacks and malware now, but bear in mind when reading about Mac malware that such things are headline news because they are comparatively rare.

Do Macs get viruses, and other Mac security FAQs: How Apple protects your Mac from Malware

Apple goes to great lengths to protect you from malware by making it impossible for you to download it in the first place. The company has built anti-malware protection into Mac OS X and macOS. For example, before you can open a file your Mac will check it against a list of malware, and even if there is no reason for concern there, it will not allow you to open an application from a developer that it hasn’t already approved.

OS X’s malware scanning tool, XProtect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac, with the bonus that it is written into the operating system and therefore doesn’t hamper the speed of your Mac.

If you download and try to open files contaminated with malware, you may see an explicit warning that the files will “damage your computer”, along with a reference to the type of malware. You should delete the file immediately.

In addition, macOS blocks downloaded software that hasn’t been digitally signed – a process in which Apple approves the developer. This leads to the familiar error message when you try to use or install unsigned software: “[this app] can’t be opened because it is from an unidentified developer.”

The system at work here is called Gatekeeper and can be controlled via the Security & Privacy section of System Preferences – select the General tab and choose from the options underneath Allow Applications Downloaded From. To turn it off, click Anywhere.

Setting this option to Mac App Store and Identified Developers is the best plan. All software downloaded via the App Store is signed, so you’ll only see Gatekeeper warnings with a minority of apps you’ve downloaded manually. You can bypass its protection when needed – assuming you’re sure an app or installation package is safe, just hold down Ctrl, then click it and select Open. This will mark it as being trusted.

Mac Malware: What is the Apple SSL/Gotofail error?

This caused issues for Mac users back in 2014. The problem was with Apple’s implementation of a basic encryption feature that shields data from snooping. Most websites handling sensitive personal data use SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which establishes an encrypted connection between a server and a person’s computer so that snoopers cannot read the traffic and extract information like credit card numbers or log-in credentials. If an attacker intercepts the data, it is unreadable.

However, Apple’s validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. There was an extra goto command that hadn’t been closed properly in the code that validated SSL certificates, and as a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted. This could potentially expose user passwords, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Criminals could also supply fake data that makes it appear an authentic web service has been cryptographically verified.

This kind of attack is known as a man-in-the-middle attack. It is a form of eavesdropping in which a hacker makes an independent connection between a client and its destination server. The hacker is then able to relay messages between them, making the client and server believe they are talking to each other over a private connection.

In order for this type of attack to be possible, the attacker would have to be on the same public network.

Apple quickly issued an update to iOS 7 and iOS 6, but took longer to issue an update for Mac OS X, despite Apple confirming that the same SSL/TLS security flaw was also present in OS X.

Apple said it had a fix ready for OS X and would release it “very soon”. The fix came late the following night.

Do Macs get viruses, and other Mac security FAQs: How does Apple discover security vulnerabilities?

Apple has its own security research team, but it depends on users and independent researchers to help by reporting any flaws they find in Apple products.

To this end, Apple has an incentive programme that rewards such discoveries with payments of up to $200,000, depending on the seriousness of the flaw. But it was the last major tech company to set up such a scheme. (Microsoft set up its own bug-reporting incentive programme in 2013, and was itself criticised at the time for leaving it so late.)

On 4 August 2016, Apple security boss Ivan Krstic announced the Apple Security Bounty Program. “We’ve had great help from researchers in improving iOS security all along,” Krstic said. “[But] we’ve heard pretty consistently… that it’s getting increasingly difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”

The top reward is $200,000, given to those who discover vulnerabilities in Apple’s secure boot firmware components; for less critical flaws the bounties drop through a series of smaller figures to a bottom tier of $25,000. Wired has the details.

We imagine most Mac users will be pleased to hear that Apple has finally launched an incentive programme to encourage more widespread reporting of its vulnerabilities. Incentivising security researchers to let Apple know about a flaw instead of passing it on to hackers (which may still, sadly, be more lucrative) makes Apple products safer for everyone.

Do Macs get viruses, and other Mac security FAQs: Do I need antivirus software for Mac?

Sophos Anti-Virus for Mac Home Edition offers always-on virus protection for free, meaning that the app sits in the background and immediately alerts you should an infection take place.

Alternatively, iAntivirus by Norton, ClamXav and Bitdefender all provide on-demand scanning for zero cost, meaning you can run them whenever you feel it’s necessary to check for virus infections.

We look at the best options in our Best Mac antivirus software group test.

Do Macs get viruses, and other Mac security FAQs: How to turn on your Mac Firewall

The firewall defends your Mac against unwanted incoming connections from the Internet or other computers on the network.

Check to ensure the firewall’s enabled by opening System Preferences and selecting the Security & Privacy option. Click the Firewall tab and ensure it reads Firewall: On. If not, click the Turn On Firewall button. For fine-grained control over which apps are protected, click the Firewall Options button.

Do Macs get viruses, and other Mac security FAQs: Keep Java and Flash up to date on your Mac

Recent vulnerabilities with Java and Flash have highlighted the fact that there are cross-platform threats that even Mac users need to be aware of. Over the past year Apple has taken to blocking Java and Flash via XProtect. As a result, you will find that from time to time Flash video and adverts disappear from your browser, and that Java-based tools stop working.