Malware on the Mac

From my updated article on the subject of malware on the Mac:

I’ll alter my position and state that it’s actually a good idea to go ahead and protect yourself, even on your Mac. While there are still safety advantages to computing on the Mac, a few extra precautions won’t hurt. To that end, I would recommend installing an anti-malware package on your Mac, such as Sophos’ Anti-Virus for Mac Home Edition. Using the built-in firewall on your Mac is also a good idea, though for additional protection you can download and install Little Snitch, which detects and blocks both inbound and outbound network requests. This can keep malware from potentially dialing home with your data even before you or your anti-malware software knows you are infected. In fact, this can be a good tripwire to know whether you are infected or not.


Congratulations on the purchase of your shiny new Mac and welcome to a wonderful new era in personal computing. Okay, okay, maybe it’s not so shiny new. And you’ve probably been computing for quite a while, perhaps on a Mac. And really, the nuts and bolts of computing on a Mac aren’t all that different from Windows, though the experience is an improvement in my humble opinion. But there is one thing that is not different, in spite of what you might have heard. Malware exists on the Mac.

Yes, it’s true! I know, you’ve heard it said repeatedly that there is no malware for the Mac, that it is so much more secure than Windows, that you are much safer on the Mac, etc. Well, I’m an avid Apple aficionado and I am more than happy to plug Apple products as I believe they are top-quality products. But Apple has never stated they are malware free. So where then does this image of imperviousness stem from? Why does everyone espouse the bulletproof nature of the Mac? Because while it is not completely bulletproof, there do seem to be fewer bullets out there that work against it.

First, recall that malware is simply a program that does something on your computer that you don’t want it doing. That’s it. Code that does something bad. “Bad” could mean almost anything, from stealing your data, to deleting it, to annoying you with popups, to emailing lewd messages to your grandmother. What the malware does is generally less important than how it gets onto your system in the first place. For both Windows and Mac machines (and really any other machine out there) malware attacks come in two forms: those that require you to participate in installing them and those that install themselves automatically.

The ones that require you to install them generally rely upon social engineering, that is, convincing you to do something. It might be a really convincing-looking browser popup that looks like some sort of security window telling you to download a fix or something. Or it could be a website that seems to be selling a really interesting new game that in fact installs the malware when you install the game. These infections don’t rely on a security vulnerability in the system. Aside from trying to fool you into installing them, there would be no difference between one of these and a program that clearly advertises “Install me and press the button to delete all of your important files”. You install it because you are fooled into thinking it is reasonable to do so, and you let it do something bad to your machine because you think it’s doing something good. Unfortunately there are no convenient methods to prevent this sort of attack and the Mac is just as susceptible to this type of malware as any Windows machine.

That said, Apple products do have one advantage that Microsoft products don’t have (yet) and that is the App Store. App Store purchases are far less likely to contain malicious code, as they are vetted by Apple before going on sale and Apple clearly has an interest in making sure they are clean. Microsoft will also have an app store of their own when the next version of Windows ships, which will also help. Of course, you can also get software outside of these app stores, in which case you are taking matters into your own hands. Regardless, this is still only partially helpful. Macs can be infected with this approach just as readily as Windows machines.

The second method of infection, where you don’t give permission and the malware is installed automatically, is somewhat less likely to occur on a Mac. For a variety of reasons, there are generally more difficulties involved with getting a system to execute something without the user’s permission on a Mac than on Windows, though the difference has shrunk considerably with the deployment of Windows 7 and will likely shrink further with Windows 8. Security has become of increasing concern to all OS vendors lately and they are doing more to protect you over time.

In summary, yes, there is malware for the Mac, but no, it isn’t of much concern because there just isn’t much out there yet and what there is essentially requires you to willingly install it and run it. So what about anti-malware applications? Well, they aren’t as needed and they aren’t as plentiful. I’ve written about a number of anti-malware applications for cleaning up malware after the fact as well as protecting you preemptively, but that ecosystem is not as diverse on the Mac, mostly because it hasn’t been necessary. I have tried anti-virus on my Mac. It did, in fact, catch a malware-laden email that I received. It was a Windows infection though, sent to me by someone else and having zero chance of actually doing harm to me. Still, I suppose it kept me from forwarding it to someone else and infecting them. I eventually uninstalled it. If you want to give it a try, you can download Sophos Anti-Virus for Mac Home Edition. It will affect some file operations, as files are scanned before loading, and will consume some bandwidth as definitions are kept up to date and so on. Essentially, it’s one more thing your Mac will constantly be doing. Running without it poses little risk at the present time. If it begins to become a concern, we’ll certainly change our tune, but for now enjoy the lack of malware.