Malware and Mac

It is worth keeping an eye on the Mac malware situation rather than pretending it does not exist, or is someone else’s problem.

As the Mac user-base has grown, so has its popularity as a rewarding fishing spot for hackers. Linux has seen the same growth in interest and abuse.

The recent Malwarebytes report is unfortunately being misrepresented by many who have not read past the misleading headlines to the bottom of the articles.

https://www.securityweek.com/fireeye-spotted-over-500-new-malware-families-2019

And just for laughs

The point to observe isn’t that there is a claim that the Mac world has more malware than Windows, but that the acceleration rate is now faster due to a simple numbers game.
If you start with one piece of malware and then another turns up, you have just increased by 100%, but that does not mean you have a lot of malware.

The Mac world is still a whole lot safer, but it now shares the same hardware and sub-layers as the rest of the x86 world. We run browsers that are now an OS in a window, so they have become a playground for malware that works on any OS.
The networks and hardware you use are now the common target for many hackers, which again is OS agnostic.
Every OS can send and receive files from any OS, so any OS can be a “super-spreader” of contagion as long as the host is not actually the target.

Personally I feel it is everyone’s responsibility, so everyone’s duty to keep each other from harm whenever possible.
Whatever the OS, you may not be at risk yourself, but if you handle lots of files from or for other people for any reason, you may want to consider a standalone AV scanner from one of the few AV vendors that don’t keep popping up in the news for all the wrong reasons.
If all the files you receive arrive via a browser, then you can even just make use of a remote scanning service such as VirusTotal or OPSWAT with a browser extension.

2 Likes

Macs have always been able to get viruses and malware; we have always known this…

3 Likes

I originally came from a windows environment and never changed my cautious behaviors when I switched to Macs. I, too, have always known that Macs can be susceptible to malware, we just aren’t targeted as much.

The best malware prevention is the user at the keyboard. :innocent:

3 Likes

When I first started using Macs, in the late 1980s, we had more virus problems with them than with the PCs we had. The AV software for the Mac was updated more regularly and contained a bigger database. I moved to other areas during the mid to late 90s, so I don’t know how bad the problem was before the switchover to OS X. And, of course, Windows became popular and it gained the lion’s share of viruses.

But no platform is immune to viruses. The Linux community was the same as the OS X community - they can’t touch us, we aren’t Windows and *NIX was built from the ground up with security in mind. Wrong! They might have been designed for multi-user systems, but they weren’t designed in a time when they were regularly attacked by hostile outsiders and they are written by humans, and humans always make mistakes.

That is the biggest problem. And with billions of devices and thousands of crooks looking for ways to make money, computational devices are an obvious target, whether it be servers, PCs or mobile devices, whether they run *NIX, OS X, iOS, Android (which are all essentially *NIX based) or Windows, they are all very vulnerable to attack. Due to the size and prosperity of the Mac/iDevice userbase, they are becoming more of a target, again, in recent years.

When I had my Mac, I always ran a simple AV software in the background, even if it wasn’t 100% accurate and the majority of its database was Windows malware. Why? Because I am a good Internet citizen and I didn’t want to accidentally pass on the viruses to other users, who might be affected. The same for my Linux workstations, they were regularly scanned for malware. In fact, I don’t think my Windows or Linux PCs or my Mac ever received a virus. But I took the precaution.

User discipline is probably the most important factor - not clicking on unknown links, not clicking on ads, not going to unknown sites, not downloading things you don’t know the provenance of - the same for attachments on email; even from other members of staff, I always run a virus checker over the file before opening it (the AV should have checked it in the mail client and as I saved it, but I always check once again to be 100% certain).

Where I work, I am pretty lucky, most of the users are pretty paranoid about viruses. If they receive something they are unsure of, even if it seems legitimate but there is just a slight hint that it might not be 100% correct, they call us to double check. I’d rather spend a couple of hours a day reassuring people that attachments or links are legitimate than spend days rebuilding our entire server infrastructure and client PCs! And it works, we’ve probably stopped at least a dozen phishing attempts to insert malware on machines over the last year. Some of the users are even aware of how this works now and they simply forward suspicious messages to us, saying “I’m pretty sure this is a phishing email, am I correct?”

When we get such emails, we then take an image of them and highlight the bits of the message that are telltales (name and email address not matching, spelling mistakes, links to untrusted sites etc.) and send it out to all employees.

So far, this has worked pretty well.

2 Likes
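The three telltales the post above highlights for staff (name and email address not matching, spelling mistakes, links to untrusted sites) can be turned into a first-pass check that runs over a raw message before a human looks at it. The script below is an added example and not the poster’s tooling; the sample messages, the trusted-domain set and the tiny misspelling list are all constructed for the demonstration, and a real deployment would use the organisation’s own domains and a proper dictionary.

```python
"""Hypothetical phishing-telltale checker (added example, not from the thread).

It applies the post's three telltales to an RFC 5322 message:
  1. the From display name advertises an address/domain that is not the real sender's,
  2. words from a (constructed) misspelling list appear in subject or body,
  3. links point at hosts outside the trusted domains, or the visible link text
     names a different host than the href actually goes to.
"""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a typical "account suspended" lure. Not a real message.
SAMPLE_PHISH = """\
From: "alice.jones@example.com" <billing-update@mail-example.net>
To: bob@example.com
Subject: Urgent: your acount will be suspened
Content-Type: text/html

<html><body>
<p>Dear customer, please verfiy your details within 24 hours.</p>
<p><a href="http://example.com.login-verify.net/update">https://example.com/account</a></p>
</body></html>
"""

# Constructed sample of a legitimate internal mail, to show the checks stay quiet.
SAMPLE_CLEAN = """\
From: "Alice Jones" <alice.jones@example.com>
To: bob@example.com
Subject: Minutes from today's meeting
Content-Type: text/html

<html><body><p>Minutes are at <a href="https://intranet.example.com/minutes">https://intranet.example.com/minutes</a>.</p></body></html>
"""

TRUSTED_DOMAINS = {"example.com"}                       # assumption: the organisation's domains
KNOWN_MISSPELLINGS = {"acount", "suspened", "verfiy"}   # constructed stand-in for a dictionary check


def domain_of(s):
    """Lower-cased host of a URL or the domain part of an address ('' if neither)."""
    s = s.strip()
    if "://" in s:
        # urlparse().hostname ignores any user:pass@ prefix, so "http://example.com@evil.net/"
        # correctly yields evil.net rather than example.com.
        return (urlparse(s).hostname or "").lower()
    return s.rsplit("@", 1)[1].lower() if "@" in s else ""


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def telltales(raw):
    """Return a list of (telltale, detail) pairs found in one raw message."""
    msg = email.message_from_string(raw)
    findings = []

    # 1. Display name carrying an address whose domain differs from the real sender.
    display, addr = parseaddr(msg.get("From", ""))
    real_domain = domain_of(addr)
    for claimed in re.findall(r"[\w.+-]+@[\w.-]+", display):
        if domain_of(claimed) != real_domain:
            findings.append(("name/address mismatch",
                             f"display name says {domain_of(claimed)}, mail is from {real_domain}"))

    # 2. Spelling mistakes in subject and (tag-stripped) body.
    body = msg.get_payload()
    text = msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)
    for word in sorted(set(re.findall(r"[a-z]+", text.lower())) & KNOWN_MISSPELLINGS):
        findings.append(("spelling mistake", word))

    # 3. Links: untrusted targets, and visible text that names a different host.
    for href, label in re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        target = domain_of(href)
        if not is_trusted(target):
            findings.append(("link to untrusted site", href))
        shown = domain_of(label)
        if shown and shown != target:
            findings.append(("link text hides real target", f"shows {shown}, goes to {target}"))
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, telltales(sample) or "no telltales")
```

On the constructed lure this reports all three telltale kinds (six findings in total) and nothing on the clean message; the output is the list of highlighted points the post describes sending round to staff, not a verdict, since a human still decides.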

I know Macs are becoming more popular, and thus are more of a target. Mac or Windows, even as a very tech savvy user, I sometimes accidentally click on things I shouldn’t, and I know that ANYTHING connected to the internet is a target. I find peace of mind in having an anti-virus (ESET NOD32 Internet Security), even if it mainly sits there and appears to do nothing. Once in a while it’ll catch and kill something before I have a chance to worry about it.

Even for those who are NOT tech savvy, like my Mom, who has a Win 10 PC, it gives us peace of mind knowing her computer is protected from most threats.

Like Leo, and many other techs I have known, I prefer to download Malwarebytes or something once in a while, run it, then remove it. Otherwise I use CCleaner often.

1 Like

It is often a thorny old topic and even in the Windows world has always resulted in arguments and camping of positions.
Thankfully I see plenty of practical caution and realism here which is nice.

We may use different architectures and OSs, but year after year we see more commonality.
Shared architectures, virtual machines on a vulnerable host, common scripting languages and data formats, web browsers and extensions, bluetooth, wifi, the same trusted but compromised sites, …
We are now more and more of a whole functioning eco-system, but perhaps dysfunctional may fit better.

I often use super-spreaders like Typhoid Mary as an example of why malware is everyone’s responsibility.
And a hypothesis. Imagine we rolled back the clock to the beginning of the 90s.
Imagine how much less malware there would be floating around the web if, from the time it became standard for Windows users to need AV, Linux server admins had looked for Windows malware each time they audited systems that otherwise continue unwittingly serving it up.
What if all Windows, Linux and Android security quickly blocked all those annoying malformed media files that occasionally reset or freeze an iPhone?
And if malware takes down a service or site you use as a Windows, Mac or Linux user, does it make any difference to the outcome?

Like many other nerds I don’t use an active runtime AV, but rely on experience and knowledge, and multiple layers of defences.
I use remote and standalone scanners with multiple AV engines for a broader opinion on new files.
If multiple decent AV engines flag something I worry, but if only one flags it, even if it is the current best, I will consider it a false positive.
Some things I can recommend for regular users because they are so easy to do, but the experience and knowledge cannot be handed over so easily, so I never use myself as the model of how everyone should do it.

AV is unfortunately more and more a compromise. Will it slow the system much, will it introduce its own vulnerability, will it fill my system with bloatware I don’t need, will it even do its job properly or just add a false sense of security?

With family I end up recommending Avira for a runtime option based on a few factors.
The free version like most will show popups when the paid version gets new features or there is a deal on, but as it is only their own security products (which you may actually want), I think that a reasonable “price” compared to adverts for random products or selling data to advertisers.
It will slow the system a little but not too noticeable for most.
The extras are thankfully all optional, so it is only bloatware if you get click-happy.
For many years Avira and Bitdefender have been the two most consistent top-performing AV products, with low false detection rates.
Avira are not a regular headline of doom and so far seem to be responsible and deal with flaws quickly.
They are a German company that responds quickly to paid and free customers.
Reporting false positives and submitting malware is easy, and it is dealt with promptly.
Even though I don’t have it installed, I can link the accounts on the devices my family use to an Avira account I do use. From this portal I can inspect the state of each device, and where supported use the locate feature if it is missing.

As a parent, I would heartily encourage people to consider such a tool as a way to keep a reasonable level of access to and control of your children’s devices.
Installing some sort of spying or tracking app on your kids’ devices is not going to go down well, but a legitimate, well-known security tool with a “find my phone” type feature is a sensible precaution.
Likewise if you run a small business with people bringing their own devices, it can also be a cost-effective way to lower the possible threat from your staff, who, let’s face it, are often the biggest threat.

Personally I use OPSWAT MetaClient and the standalone browser extension for my home AV. It checks files against the CVE database as well as checking for malware against multiple AV engines. I can also test executable files with the sandbox and get a report of the behaviour.
Below a certain number of seats OPSWAT allow free use of several tools, but they are not aimed at home users so I don’t recommend it generally.

2 Likes
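Both the first post’s suggestion of a remote scanning service such as VirusTotal and the rule of thumb in the post above (worry when several decent engines agree, treat a lone detection as a probable false positive) come down to the same workflow: hash the file, look the hash up, then apply a consensus rule to the per-engine results rather than reacting to the headline count. The script below is an added example and not anything from the thread or from VirusTotal. It hashes a file locally, builds the VirusTotal v3 file lookup (only performed if a `VT_API_KEY` environment variable is set; the variable name is an assumption of this example), and applies the consensus rule to a report in the v3 `last_analysis_results` shape. The reports it runs on by default are constructed samples, and the list of engines given extra weight is an assumption for the example rather than any vendor ranking.

```python
"""Hash-lookup triage with a multi-engine consensus rule (added example, not from the thread).

Verdicts, following the post's rule of thumb:
  clean                  - no engine flags the file
  probable false positive - exactly one engine flags it, whoever that engine is
  needs a closer look    - several engines flag it, but fewer than MIN_TRUSTED of the
                           engines we give extra weight to
  likely malicious       - at least MIN_TRUSTED weighted engines agree
"""
import hashlib
import json
import os
import sys
import urllib.request

VT_FILES = "https://www.virustotal.com/api/v3/files/"   # v3 file object lookup by hash

# Assumption for the example: engines whose verdict carries extra weight.
TRUSTED_ENGINES = {"Avira", "BitDefender", "ESET-NOD32", "Kaspersky", "Microsoft"}
MIN_TRUSTED = 2


def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a local file, streamed so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def fetch_report(sha256, api_key):
    """GET the v3 file object for a hash; uploads nothing, only the hash leaves the machine."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def make_report(verdicts):
    """Build a constructed report in the v3 shape from {engine: category}."""
    results = {e: {"category": c, "engine_name": e, "result": None} for e, c in verdicts.items()}
    stats = {k: 0 for k in ("harmless", "malicious", "suspicious", "undetected", "timeout")}
    for c in verdicts.values():
        stats[c] = stats.get(c, 0) + 1
    return {"data": {"type": "file", "attributes": {
        "last_analysis_stats": stats, "last_analysis_results": results}}}


def triage(report, min_trusted=MIN_TRUSTED):
    """Apply the consensus rule to a v3 file report; returns a dict with the verdict and evidence."""
    attrs = report["data"]["attributes"]
    results = attrs.get("last_analysis_results", {})
    flagged = sorted(e for e, r in results.items() if r.get("category") in ("malicious", "suspicious"))
    trusted_hits = [e for e in flagged if e in TRUSTED_ENGINES]
    if not flagged:
        verdict = "clean"
    elif len(flagged) == 1:
        verdict = "probable false positive"
    elif len(trusted_hits) >= min_trusted:
        verdict = "likely malicious"
    else:
        verdict = "needs a closer look"
    return {"verdict": verdict, "engines": len(results),
            "flagged": flagged, "trusted_hits": trusted_hits}


# Constructed sample reports, not real VirusTotal data.
SAMPLE_SINGLE_HIT = make_report({"Avira": "undetected", "BitDefender": "undetected",
                                 "ESET-NOD32": "undetected", "SomeEngine": "malicious"})
SAMPLE_CONSENSUS = make_report({"Avira": "malicious", "BitDefender": "malicious",
                                "ESET-NOD32": "suspicious", "SomeEngine": "undetected"})

if __name__ == "__main__":
    if len(sys.argv) == 2 and os.environ.get("VT_API_KEY"):
        digest = sha256_of(sys.argv[1])
        print(digest, triage(fetch_report(digest, os.environ["VT_API_KEY"])))
    else:
        print("single engine:", triage(SAMPLE_SINGLE_HIT))
        print("consensus:    ", triage(SAMPLE_CONSENSUS))
```

Looking up a hash rather than uploading the file matters when the file is someone else’s: the lookup reveals only that you hold a file with that hash, while an upload hands the content to the service and every researcher with access to it. A hash miss (HTTP 404 from the lookup) simply means nobody has submitted that exact file, not that it is clean, so it belongs in the "needs a closer look" bucket.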

Uhh, the horrible irony. Governments and enterprises are indeed probably among the worst offenders for being out of date.
This makes sense for mission-critical software or systems, but all too often the desktops of the office staff etc. are left vulnerable for no good reason.

3 Likes

This practice applies to all consumers and individuals with computers as well: the OS (regardless of platform) and the browser are to be kept up to date as the priority.

1 Like