No software is immune to attacks, including macOS. The growing popularity of Apple computers has made it a prime target for malware. And security companies offer more and more antivirus for Mac, but do you really need it?
Here's everything you need to know to protect your Mac from malware.
How macOS protects your computer
Your Mac has many built-in security features to keep it safe. The macOS (formerly Mac OS X) bedrock is rock-solid Unix foundation. This is the same operating system under which BSD and Linux were created. Its reputation for reliability and security has earned its reputation with a robust permission system.
To keep the platform secure, every Mac uses a suite of proprietary technologies. You may be surprised to learn that your Mac is already running an anti-malware scanner in the background, called XProtect.
Whenever you open a file on your Mac, Xprotect scans and compares it against known macOS malware definitions. If he finds something suspicious, you see a warning stating that the file may damage your computer. When your Mac installs system updates, it also updates the malware definitions.
Another technology called Gatekeeper tries to prevent unknown applications from causing damage. By default, macOS blocks all software that is not signed with a developer certificate issued by Apple or downloaded from the Mac App Store.
All unsigned applications are not harmful. Developers creating free and open source applications often can not justify the $ 99 required to access the Apple Developer Program and issue certificates. To bypass Gatekeeper, go to System Preferences> Security and Privacy, and then click "Open Anyway" after attempting to open an unsigned application.
To prevent signed applications and applications distributed through the Mac App Store from damaging the operating system, Apple uses sandboxing. Sandboxing provides the application with everything it needs to fulfill its purpose and nothing else. When you run an application in a sandbox, you limit its possibilities and grant additional permissions based on the entries.
Finally, System Integrity Protection (SIP) protects some of the most vulnerable parts of your system, including the main system directories. Apple limits the potential damage caused by malware because it prevents applications from accessing these areas.
SIP also protects pre-installed applications, such as Finder and Safari, from code injections that may change the way these applications work. If you restart your Mac and run a Terminal command, you can disable SIP; but most people should leave him alone.
The case of a third-party antivirus
These security features all help protect your Mac from attack, but no platform is immune. New instances of macOS malware are discovered every year. Many of them escape Apple's defense design or exploit a "zero-day" security flaw that Apple could not fix.
In June 2019, OSX / CrescentCore was discovered pretending to be a disk image of the Adobe Flash Player installation program. The malware installed an application called Advanced Mac Cleaner, LaunchAgent or Safari extension, checked for the presence of antivirus software, and then exploited unprotected machines. OSX / CrescentCore was signed with a developer certificate. So he infected computers for days before Apple detected it.
Guessing that they called it `OSX.CrescentCore` because of built-in strings like: /Users/mehdira/Desktop/WaningCrescent/WaningCrescent/Utils/RtfUtils.swift
– Objective-See (@objective_see) July 2, 2019
A month earlier, a malware known as OSX / Linker took advantage of a "zero-day" flaw in Gatekeeper. Since Apple had not fixed the security hole when it was reported for the first time this year, OSX / Linker was overtaken by Gatekeeper.
Hardware is another weak point in the chain. At the beginning of 2018, it was discovered that almost all the processors sold in the last two decades were affected by serious security breaches. These defects are known as Spectrum and collapse– and yes, your Mac was probably touched. These flaws could allow attackers to access data located in parts of the system that are considered protected.
Apple has finally corrected macOS to protect against Specter and Meltdown. The exploits require that you download and run malicious software to cause damage, and there is no evidence that Mac owners have been directly affected. Meltdown and Specter point out that even computer hardware beyond Apple's control can lead to serious security exploits.
In 2016, OSX / Keydnap infected the highly popular BitTorrent Client Transmission. He attempted to steal the login information from the system keychain and create a backdoor for later access to the system. This was the second incident in five months involving Transmission. Again, because the infected version was signed with a legitimate certificate, Gatekeeper did not intercept it.
While the Mac App Store hopes to intercept all unscrupulous applications, several malicious apps have passed the review process of Apple in 2017. Applications like Adware Doctor, Open Any Files and Dr. Cleaner have come up as legitimate anti-malware software. However, they sent information, including browsing history and processes running, to servers in China.
As Gatekeeper implicitly approves the Mac App Store, the software has been installed without additional verification. Such an application can not cause too much damage to the system through Apple's sandboxing rules, but information theft remains a significant security breach.
In August 2018, LinerMiner was discovered in pirated copies of Virtual Studio Technology (VST) plug-ins and Ableton Live 10. LoudMiner installs virtualization software that runs a Linux virtual machine and uses system resources to exploit cryptocurrency. The exploit has affected Mac and Windows computers.
These are just a few examples of recent macOS security issues. Third-party antivirus software would not capture them all, nor would they all result directly in a usable exploit (including Meltdown and Spectrum).
How to reduce your risk of infection
The best thing to do to protect your Mac from security vulnerabilities is to: keep it up to date. Apple responds to security vulnerabilities with small security patches and larger operating system updates. Go to System Preferences> Software Update to check for updates. It is best that you set up your Mac to install the updates automatically.
If you install software from unknown sources, this could also lead to an infection. For best results, only use software from the Mac App Store or signed with a legitimate developer certificate.
As stated above, even if you do this, your system is not immune, but it offers good protection. If you need to install an unsigned application, be sure to download it from a reputable source. Some Mac application installers include unwanted softwareas they do under Windows.
If you download pirated software, it could lead to an infection. This is a high risk because when you download software from illegitimate sources, you are at the mercy of the uploader. You could expose yourself to more than you had planned.
Adobe Flash is another source of malware and browsers. If you do not use it a lot, delete it from your system. Most websites have already dropped Flash and this will definitely be the case at the end of 2020. If you need to use it, install it. Google Chrome and enable Flash sandbox version of Flash.
Unsecured public wireless networks also pose security and privacy issues. Interceptor attacks occur on public access points and may allow a person to spy on your traffic. If you need to use an unsecured public network, use a VPN.
Finally, for added protection, you can install anti-virus or anti-malware software to monitor your system.
Which Mac security software should you install?
Let's be clear: Antivirus software for your Mac is not essential. If you follow the basic "common sense" practices described above, the risks of infection remain low. Even with an antivirus, your system could be the victim of a new undocumented infection. When a Mac is compromised, all are, whether you use an antivirus or not.
Nevertheless, if you feel more comfortable with an antivirus on your Mac, that's fine, and we recommend a few.
For a basic malware removal tool, try Malwarebytes. We love both the Windows and Mac versions. With the free version, you can scan your Mac for malware and delete everything it finds. If you want real-time protection (and again, you probably do not need it), we recommend Malwarebytes Premium ($ 39.99 per year).
We did not perform our own tests to find the "best" Mac antivirus software package. But the following tools received the highest marks in MacOS synthesis of AV-Test of June 2019:
Another useful tool for detecting malware is Knock Knock of Objective-See. KnockKnock does not specifically target malware, but rather persistent software. Because malware often uses aggressive tactics to stay on a computer, KnockKnock detects and analyzes these processes.
KnockKnock is completely free to download and use. However, it does not remove tools and may report some known secure processes. It checks processes with VirusTotal and highlights known malware in red.
Mac users concerned about security should also consult Little bright. This is essentially a firewall that prompts you whenever an application tries to connect to the Internet. You can then approve or reject these requests to limit the number of applications that can send and receive data, and the application remembers. Little Snitch is available as a free trial version and the full version is $ 45.
Never assume that your Mac is safe
Even if you use all the available security tools, you should never assume that your Mac is safe. No operating system or hardware element is immune from attack. Vulnerabilities can occur overnight without warning.
The best thing you can do to protect your Mac is to keep it up-to-date and install only signed software from authorized developers and the Mac App Store.
And, in case you're wondering, the author of this article has no antivirus on his Mac.