No software is immune to attacks, including macOS. The growing popularity of Apple computers has made it a prime target for malware. And security companies are offering more and more antivirus for Mac, but do you really need it?
Here's everything you need to know to protect your Mac from malware.
How macOS protects your computer
Your Mac has many built-in security features to keep it safe. The macOS base (formerly Mac OS X) is rock-solid Unix foundation. It is the same operating system on which BSD and Linux were built, and it has earned its reputation for reliability and security through a robust authoring system.
To secure the platform, each Mac uses a suite of proprietary technologies. This might surprise you to learn that your Mac is already running an anti-malware scanner in the background called XProtect.
Every time you open a file on your Mac, Xprotect scans it and compares it to known macOS malware definitions. If he finds something suspicious, you see a warning that the file will damage your computer. When your Mac installs system updates, it also updates the malware definitions.
Another technology called Gatekeeper tries to prevent unknown applications from causing damage. By default, macOS blocks all software that is not signed with a developer certificate issued by Apple or downloaded from the Mac App Store.
All unsigned applications are not harmful. Developers who create free and open source applications often can not justify the $ 99 required to access the Apple Developer Program and issue certificates. To bypass Gatekeeper, go to System Preferences> Security and Privacy, and then click "Open Anyway" after attempting to open an unsigned application.
To prevent applications signed and those distributed through the Mac App Store from damaging the operating system, Apple uses sandboxing. Sandboxing provides the application with everything it needs to reach its goal and nothing else. When you run an application in a sandbox, you limit what it can do and provide additional permissions depending on the input.
Finally, System Integrity Protection (SIP) protects some of the most vulnerable parts of your system, including the main system directories. Apple limits the potential damage caused by malware because it prevents applications from accessing these areas.
SIP also protects preinstalled applications, such as Finder and Safari, from code injections that can change the way these applications work. If you restart your Mac and run a Terminal command, you can disable SIP; but most people should leave him alone.
The case of a third-party antivirus
These security features all help protect your Mac from attack, but no platform is immune. New instances of macOS malware are discovered every year. Many of these solutions pass through Apple's defenses by design, or exploit a "zero-day" security flaw that Apple has not been able to fix.
In June 2019, OSX / CrescentCore was discovered posing as a disk image of the Adobe Flash Player installation program. The malware installed an application called Advanced Mac Cleaner, LaunchAgent, or a Safari extension, looked for antivirus software, and then exploited unprotected machines. OSX / CrescentCore was signed with a developer certificate, so it infected machines for days before Apple detected it.
I guess they've called it "OSX.CrescentCore" because of built-in strings such as: /Users/mehdira/Desktop/WaningCrescent/WaningCrescent/Utils/RtfUtils.swift 🤭
– Objective-See (@objective_see) July 2, 2019
A month earlier, a malware known as OSX / Linker took advantage of a "zero-day" flaw in Gatekeeper. Since Apple had not corrected the security breach at its first report earlier in the year, OSX / Linker went past Gatekeeper.
Hardware is another weak point in the chain. In early 2018, it was discovered that almost all CPUs sold in the last two decades were affected by serious security breaches. These defects became known as Spectrum and fusion-Yes, your Mac has probably been affected. Flaws could allow attackers to access data in parts of the system that are considered protected.
Apple has finally corrected macOS to guard against Spectrum and Meltdown. The exploits require that you download and run malicious software for it to hurt, and there is no evidence that Mac owners have been directly affected. Meltdown and Spectrum emphasize the fact that even hardware out of Apple's control can lead to serious security breaches.
In 2016, OSX / Keydnap infected the popular BitTorrent client transmission. He attempted to steal the login information from the keychain of the system and create a backdoor for future access to the system. This was the second incident in five months involving transmission. Again, because the infected version was signed with a legitimate certificate, Gatekeeper did not detect it.
While the Mac App Store hopes to detect all the unscrupulous applications, in 2017, several malicious apps have successfully passed the Apple review process. Applications like Adware Doctor, Open all files and Dr. Cleaner stands as legitimate anti-malware software. However, they sent information – including browsing history and processes running – to servers in China.
Because Gatekeeper implicitly trusts the Mac App Store, the software has been installed without additional verification. An app like this one can not cause too much system damage through Apple's sandboxing rules, but stolen information still constitutes an important security breach.
In August 2018, LoudMiner was discovered in pirated copies of Virtual Studio Technology (VST) plug-ins and Ableton Live 10. LoudMiner installs virtualization software that runs a Linux virtual machine and uses system resources to exploit cryptocurrency. The exploit affected Mac and Windows computers.
These are just some examples of recent macOS security issues. Third-party anti-virus software would not capture all of them, and not all of them would directly result in a usable exploit (including Meltdown and Spectrum).
How to reduce your risk of infection
The best thing you can do to protect your Mac from security breaches is to keep it up to date. Apple responds to security vulnerabilities with small security patches and more important operating system updates. Go to System Preferences> Software Update to check for updates. It is best to set up your Mac to automatically install updates.
If you install software from unknown sources, it may also cause an infection. For best results, only use software from the Mac App Store or signed with a legitimate developer certificate.
As stated above, even if you do, your system is not immune, but it offers good protection. If you need to install an unsigned application, be sure to download it from a reliable source. Some Mac application installation programs include unwanted softwarejust like they do on Windows.
If you download pirated software, it could lead to an infection. This presents a high risk because when you download software from illegitimate sources, you are at the mercy of the uploader. You could expose yourself to more than you had planned.
Adobe Flash is another source of malware and browser-based exploits. If you do not use it a lot, delete it from your system. Most websites have already dropped Flash, and this will definitely be done by the end of 2020. If you need to use it, install Google Chrome and enable the sandbox version of Flash.
Unsecured public wireless networks also pose risks to security and privacy. Human attacks in the middle occur on public access points and may allow someone to spy on your traffic. If you need to use an unsecured public network, do it via a VPN.
And finally, for added protection, you can install anti-virus or anti-malware software to monitor your system.
Which Mac security software should you install?
Let's be clear: antivirus software for your Mac is not essential. If you follow the basic "common sense" practices described above, the risks of infection remain low. Even with an antivirus, your system could be the victim of a new undocumented infection. When a Mac is compromised, all are compromised, whether or not you run an antivirus.
Still, if it makes you more comfortable to have an antivirus on your Mac, that's fine, and we recommend some of them.
For a basic malware removal tool, try Malwarebytes. We love both the Windows and Mac versions. With the free version, you can scan your Mac to detect malware and delete everything it finds. If you want real-time protection (and again, you probably do not need it), we recommend Malwarebytes Premium ($ 39.99 per year).
We did not perform our own tests to find the "best" Mac antivirus package. But the following tools received the highest marks MacOS Summary of AV-Test of June 2019:
Another useful tool that detects malware is Knock Knock of Objective-View. KnockKnock does not specifically target malware, but rather persistent software. Because malware often uses aggressive tactics to stay on a computer, KnockKnock finds and analyzes these processes.
KnockKnock is completely free to download and use. However, it does not remove tools and may report certain known safe processes. It crosses processes with VirusTotal and highlights any malware known in red.
Mac users concerned about security should also check Small bright gold. It is essentially a firewall that invites you whenever an application tries to connect to the Internet. You can then approve or deny these requests to limit applications that can send and receive data, and the application remembers. Little Snitch is available as a free trial and the full version costs $ 45.
Never assume that your Mac is safe
Even if you run all the security tools at your disposal, you should never assume that your Mac is safe. No operating system or hardware element is immune from attack. Vulnerabilities can occur overnight without warning.
The best thing you can do to protect your Mac is to keep it up-to-date and only install signed software from approved developers and the Mac App Store.
And, in case you're wondering, the author of this piece does not have any antivirus on his Mac.