No software is immune to attack, and macOS is no exception. The increasing popularity of Apple computers has made them a major target for malware, and security companies increasingly offer antivirus programs for Macs. But do you really need one?
Here is everything you need to know to protect your Mac from malware.
How macOS protects your computer.
Your Mac has many built-in security features to keep it safe. The foundation of macOS (formerly Mac OS X) is a solid Unix base, the same family of operating systems that BSD and Linux belong to, and it has earned a reputation for being reliable and secure thanks to a robust permission system.
To keep the platform safe, every Mac relies on a number of Apple technologies. It may surprise you to learn that an anti-malware scanner called XProtect already runs in the background on your Mac.
When you open a file on your Mac, XProtect checks it against known macOS malware definitions. If it finds a match, it displays a warning that the file could damage your computer. The malware definitions are updated along with system updates.
Another technology, Gatekeeper, tries to prevent unknown applications from causing damage. By default, macOS blocks any software that has not been signed with an Apple Developer certificate or downloaded from the Mac App Store.
Not all unsigned apps are harmful. Developers of free open source apps often cannot justify the $99 required to join the Apple Developer Program and obtain a certificate. To bypass Gatekeeper for a specific app, try to open it, then go to System Preferences > Security & Privacy and click "Open Anyway".
To prevent signed apps and apps distributed through the Mac App Store from corrupting the operating system, Apple uses sandboxing. A sandbox gives an app everything it needs to do its job and nothing else. Running an app in a sandbox limits what it can do, and further permissions are granted only in response to explicit requests.
Finally, System Integrity Protection (SIP) protects some of the most sensitive parts of the system, including the most important system directories. Because apps cannot access those areas, Apple limits the potential damage from rogue software.
SIP also protects preinstalled apps like Finder and Safari from code injection that could change how they work. You can disable SIP by restarting your Mac and running a terminal command, but most people should leave it alone.
The Case for a Third-Party Antivirus Program
These security features protect your Mac from attack, but no platform is immune. New macOS malware is discovered every year. Much of it slips past Apple's defenses or exploits a zero-day vulnerability that Apple has not been able to fix.
In June 2019, OSX/CrescentCore was discovered posing as an Adobe Flash Player installer disk image. The malware installed an app called Advanced Mac Cleaner, a LaunchAgent, or a Safari extension, scanned for antivirus software, and then exploited unprotected computers. OSX/CrescentCore was signed with a developer certificate, so it infected computers for days before Apple discovered it.
Intego (@IntegoSecurity) has recently discovered a new Mac malware (adware installer): https://t.co/lx2dCKDFVT 🍎🐛 [...] Guessing [...] 'OSX.CrescentCore' due to embedded strings such as: /uss/mehdira/Desktop/WaningCrescent/WaningCrescent/Utils/RtfUtils.swift 🤭
- Objective-See (@objective_see) July 2, 2019
The month before, the malware known as OSX/Linker exploited a zero-day bug in Gatekeeper. Because Apple had not fixed the vulnerability, which had been known since the beginning of the year, OSX/Linker got past Gatekeeper.
Hardware is another weak link in the chain. In early 2018, it emerged that almost every CPU sold in the past two decades was affected by serious security vulnerabilities. These flaws were known as Spectre and Meltdown, and yes, your Mac was probably affected. They could allow attackers to read data in parts of the system that were considered protected.
Apple eventually patched macOS to protect against Spectre and Meltdown. The exploits require you to download and run malicious software before they can cause harm, and there is no evidence that Mac owners were directly affected. Still, Meltdown and Spectre make it clear that even hardware beyond Apple's control can introduce serious security vulnerabilities.
In 2016, OSX/Keydnap infected the popular BitTorrent client Transmission. It attempted to steal credentials from the system keychain and create a backdoor for future access to the system. This was the second incident involving Transmission in five months. Because the infected version was signed with a legitimate certificate, Gatekeeper did not intercept it.
While the Mac App Store is supposed to catch unscrupulous apps, in 2017 several malicious apps passed Apple's review process. Apps like Adware Doctor, Open Any Files and Dr. Cleaner presented themselves as legitimate anti-malware software. However, they sent information, including browsing history and the list of running processes, to servers in China.
Since Gatekeeper implicitly trusts the Mac App Store, the software was installed without any additional checks. An app like this cannot do too much damage at the system level, thanks to Apple's sandbox rules, but stolen information is still a significant security breach.
In August 2018, LoudMiner was discovered in pirated copies of VST (Virtual Studio Technology) plug-ins and Ableton Live 10. LoudMiner installs virtualization software that runs a Linux virtual machine and uses system resources to mine cryptocurrency. The malware affected both Mac and Windows computers.
These are just a few examples of recent security issues with macOS. Third-party antivirus software would not have intercepted all of them, and it offers no direct protection against hardware exploits such as Meltdown and Spectre.
How to Reduce Your Risk of Infection
The best thing you can do to protect your Mac against security vulnerabilities is to keep it up to date. Apple responds to security vulnerabilities with both minor security fixes and major operating system updates. Go to System Preferences > Software Update to check for updates; it's best to set your Mac to install updates automatically.
Installing software from unknown sources can also lead to infection. For best results, use only software that either comes from the Mac App Store or is signed with a legitimate developer certificate.
As described above, your system is not immune, but it does provide a lot of protection. If you need to install an unsigned app, make sure you download it from a reputable source. Some Mac installers bundle junk software, just as on Windows.
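A quick way to apply that advice before double-clicking an installer: the added script below (not part of the original article) asks Gatekeeper for its verdict on an app bundle and lists the signing authority, using the macOS spctl and codesign tools; the verdict parsing assumes spctl's usual "<path>: accepted/rejected" line followed by "source=" lines.

```shell
#!/bin/sh
# Added example, not from the original article: ask Gatekeeper for its verdict on an
# app before opening it, so an unsigned or rejected bundle stands out before you
# reach for "Open Anyway". Uses the real macOS tools spctl and codesign; the parser
# assumes spctl's usual layout: "<path>: accepted|rejected" then "source=..." lines.

# Reduce spctl's multi-line assessment (read from stdin) to one verdict word:
#   app-store, developer-id, accepted-other, rejected or unsigned.
gatekeeper_verdict() {
  verdict=unsigned
  while IFS= read -r line; do
    case "$line" in
      *": accepted")                   verdict=accepted-other ;;
      *": rejected")                   verdict=rejected ;;
      *"source=no usable signature"*)  verdict=unsigned ;;
      *"source="*"Mac App Store"*)     [ "$verdict" = rejected ] || verdict=app-store ;;
      *"source="*"Developer ID"*)      [ "$verdict" = rejected ] || verdict=developer-id ;;
    esac
  done
  printf '%s\n' "$verdict"
}

# Assess one app bundle and show who signed it (codesign writes to stderr).
check_app() {
  app=$1
  verdict=$(spctl --assess --type execute -vv "$app" 2>&1 | gatekeeper_verdict)
  printf '%s: %s\n' "$app" "$verdict"
  codesign -dvv "$app" 2>&1 | grep '^Authority=' || echo '  (no signing authority found)'
}

# Usage: sh gatekeeper-check.sh /Applications/Some.app [/path/to/Other.app ...]
for app in "$@"; do
  check_app "$app"
done
```

A "rejected" verdict with a Developer ID source means the signature is present but Gatekeeper still refuses it, which is exactly the case where "Open Anyway" deserves a second thought.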
Downloading pirated software can also result in infection. The risk is high because, when you download software from illegal sources, you are placing your trust in the uploader, and you may be exposing yourself to far more than you expected.
Adobe Flash is another source of malware and browser-based exploits. If you do not use it frequently, remove it from your system. Most websites have already moved away from Flash, and it will be gone for good by the end of 2020. If you do need it, install Google Chrome and use its sandboxed version of Flash.
Public, unsecured wireless networks also pose security and privacy risks. Man-in-the-middle attacks on public hotspots allow someone to spy on your traffic. If you must use an unsecured public network, do so over a VPN.
For added protection, you can install antivirus or anti-malware software to monitor your system.
Which Mac security software should you install?
Let's face it: antivirus software for your Mac is not essential. If you follow the basic "common sense" practices described above, the risk of infection remains low. Even with an antivirus program, your system can fall victim to a new, undocumented infection. If a Mac is compromised, all Macs are at risk, regardless of whether they run an antivirus program.
If you feel safer having an antivirus program on your Mac, that is fine, and there are a few we recommend.
Try Malwarebytes as a basic malware removal tool. We like both the Windows and Mac versions. With the free version, you can scan your Mac for malware and remove everything it finds. If you want real-time protection (which, again, you probably do not need), we recommend Malwarebytes Premium ($39.99 per year).
We did not run our own tests to find the "best" Mac virus protection package. The following tools received top marks in AV-Test's June 2019 macOS summary:
Another useful tool for detecting malware is KnockKnock from Objective-See. KnockKnock is not designed to look for malware specifically but for persistently installed software. Because malware often uses aggressive tactics to stay installed on a computer, KnockKnock finds and analyzes these persistent items.
KnockKnock is free to download and use. However, it does not remove anything it finds, and some known-safe items may be flagged. It checks items against VirusTotal and highlights known malware in red.
Security-conscious Mac users should also try Little Snitch. It is essentially a firewall that prompts you every time an application attempts to connect to the Internet. You can approve or reject each request to limit which applications can send and receive data, and the app remembers your decision. Little Snitch is available as a free trial, and the full version costs $45.
Never assume that your Mac is secure
Even if you run every available security tool, you should never assume that your Mac is safe. No operating system or piece of hardware is immune to attack. New vulnerabilities can appear overnight without warning.
To protect your Mac, keep it up to date and install only signed software from approved developers and the Mac App Store.
And, in case you were wondering, the author of this article runs no antivirus program on his Mac.