There’s an age-old belief in the tech world that Macs don’t get malware. Well, we know that isn’t true – Mac security firm Intego uncovered several new threats specifically targeted at Macs in June 2019 alone, and notable instances of Mac malware have been uncovered in the past. But is it true that Macs are less vulnerable than Windows PCs?
Macs have a lot of built-in features that can be powerful tools in the fight against malware. But are they enough? These features come with every Mac by default, so is there really a need to install third-party antivirus software on your computer? We asked the experts.
Vulnerabilities in Apple’s systems
The belief that Macs are fairly resilient to malware isn’t just idle fanboy-ism. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.
And Macs really do have some stellar built-in tools that protect you right off the bat. For example, when you download an app off the internet, your Mac checks it against a list of known malware apps using XProtect. It works invisibly in the background, meaning it needs no maintenance or activation and doesn’t slow down your Mac. Gatekeeper, meanwhile, will prevent the app from opening without your permission if it hasn’t been digitally signed as safe by Apple. And now, Apple has even started notarizing apps so that they can prove they are trustworthy.
On top of that, all apps are sandboxed, meaning they can only do what they’re meant to do, without being able to access critical system infrastructure and settings.
But there are gaps in the armor that protects Mac users’ systems. Apple’s layer of security relies on adding quarantine tags to suspicious or outright malicious software, and this then prompts the warning dialogue you see when you try to open them.
Thomas Reed, Director of Mac & Mobile at security firm Malwarebytes, told me that the defenses aren’t as comprehensive as it seems. “Adding that flag is not a requirement, and not all software does [it],” he explained. “For example, torrent software often doesn’t, while at the same time being used heavily in piracy.”
In addition, XProtect’s list of malicious file signatures is hardly all-encompassing. Reed explained that it only checks files against 94 rules, “a tiny fraction of the rules found in any more powerful antivirus engine.” Kirk McElhearn, co-host of Mac security firm Intego’s podcast and a writer on malware topics, concurs that XProtect only looks out for “a handful of strains of malware.”
What about the new security features in MacOS Catalina, due to launch this fall? Apple says apps will require your permission before accessing your documents, desktop files, iCloud Drive and external drives, plus it’s promising greater security thanks to a dedicated system volume for the operating system and the T2 Security Chip in new Macs.
However, Reed still doesn’t believe these go far enough. He told me that Gatekeeper still won’t perform a signature check on non-quarantined apps on launch, meaning a malicious actor could tamper with a legitimate app and it would still be permitted to run on MacOS.
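The two gaps Reed describes (software that never sets the quarantine flag, and no launch-time signature check for non-quarantined apps) can be checked by hand. The script below is an added example, not from the article or from Malwarebytes: it uses the macOS `xattr` and `codesign` tools to list app bundles that lack the `com.apple.quarantine` attribute and to verify their signatures. The function names and status labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit app bundles that Gatekeeper would not re-check at launch.
# Relies on the macOS command-line tools xattr(1) and codesign(1).
# audit_app / audit_dir and the status labels are names chosen for this sketch.

# Classify one bundle. Prints exactly one of:
#   quarantined               flag present, Gatekeeper assesses it on first open
#   no-flag-signature-ok      no flag, but the code signature still verifies
#   no-flag-signature-FAILED  no flag, and the bundle is unsigned or was modified
audit_app() {
    bundle=$1
    if xattr -p com.apple.quarantine "$bundle" >/dev/null 2>&1; then
        echo "quarantined"
    elif codesign --verify --deep --strict "$bundle" >/dev/null 2>&1; then
        echo "no-flag-signature-ok"
    else
        echo "no-flag-signature-FAILED"
    fi
}

# Classify every *.app directly inside a directory, one "status<TAB>path" per line.
audit_dir() {
    dir=$1
    for app in "$dir"/*.app; do
        [ -e "$app" ] || continue      # the glob matched nothing
        printf '%s\t%s\n' "$(audit_app "$app")" "$app"
    done
}

# Run as: sh audit.sh /Applications
# With no argument the script only defines the functions.
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

Bundles reported as `no-flag-signature-FAILED` are the ones to look at first: they skipped the quarantine prompt and no longer match a valid signature, or never had one.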
Reed also believes the nature of sandboxing on MacOS actually restricts antivirus software, at least if you download it from the App Store.
“By default, for example, [an antivirus app] cannot get access to most of the files on the hard drive. Even if you grant access to the entire hard drive, many of those files cannot be removed by an App Store app. This means App Store antivirus is less likely to be able to detect all threats and is also less likely to be able to remove all threats.”
Where’s the weak link?
What about the common criticism that antivirus apps put an unnecessary strain on Macs, slowing them down and adding unwanted bloatware? McElhearn feels this concern is overblown.
“A decade or longer ago, the argument that antivirus software could slow down your Mac certainly may have had some merit, in some cases,” he explains. “But modern Macs generally have plenty of resources (processing power, memory, and disk speed) to allow antivirus software to protect you without any noticeable detriment to the Mac’s speed.”
Reed, however, is not so dismissive, calling antivirus apps’ performance hit a “bane” to Mac users.
“So many people still feel like Macs don’t need antivirus software that, if you convince them to install something, it’s an instant failure if performance takes a hit,” he laments. If you’re going to install an antivirus app, then, you need to find one that’s not only trustworthy but fast, too. If your Mac slows to a crawl while your antivirus app is conducting a scan, you’ll soon run out of patience — potentially putting yourself at risk.
There are further indications that we are often the weak link. Reed argues that Apple’s in-built protection systems do a poor job of detecting adware and potentially unwanted programs (PUPs), things that he describes as “the most prevalent” threats to Mac users today.
If you fall victim to Mac malware, he argues, it’s less likely to be at the hands of a traditional virus and more likely to be due to you being tricked into installing malicious software masquerading as a trustworthy app — Mac Defender being a well-known example.
McElhearn, meanwhile, argues that relying purely on Apple’s systems isn’t enough. For example, while Gatekeeper can block apps that originate from third-party or untrusted developers, it can easily be bypassed by the user with a couple of clicks.
While Gatekeeper gives you plenty of warning that ignoring its checks is a bad idea, it still lets you do it with relative ease.
Both points cut to the heart of the biggest vulnerability in Mac security: Us. Humans are fallible creatures, open to manipulation or just plain laziness.
We may think that an app has been unnecessarily flagged by Gatekeeper (or get “dialogue fatigue” and allow it to run without thinking), thereby inadvertently opening the door to malware. Or we may see a well-made forgery of a trustworthy website, leading to us giving away our bank details to fraudsters and malcontents.
In cases like these, neither your Mac’s layers of built-in security nor third-party antivirus apps can offer you 100% protection.
A multi-pronged approach
The obvious conclusion seems to be that you should install antivirus software on your Mac (we’ve rounded up the best options for you). But as we noted above, there are some important caveats, and it’s certainly not the only precaution you should take.
Ultimately, antivirus software alone will never be enough. You always need to back it up with a strong dose of common sense. Don’t download apps from questionable sources; don’t overrule Gatekeeper’s warnings; don’t click links in emails from unknown senders and don’t listen to suspicious websites prompting you to install Adobe Flash Player or any other app.
That said, an efficient, fast antivirus app can be a useful tool in keeping your Mac safe, helping to cover ground that’s missed by Gatekeeper, XProtect and the other security measures in place on your Mac.
So, there you have it. You should install antivirus software on your Mac, but make sure you find one that doesn’t slow your machine to a crawl, and back it up with plenty of common sense. Do all that and you stand a good chance of keeping Mac malware at bay.