There’s an age-old belief in the tech world that Macs don’t get malware. Well, we know that isn’t true — Mac security firm Intego uncovered several new threats specifically targeted at Macs in June 2019 alone, and notable instances of Mac malware have been uncovered in the past. But is it true that Macs are less vulnerable than Windows PCs?
Macs have a lot of built-in features that can be powerful tools in the fight against malware. But are they enough? These features come with every Mac by default, so is there really a need to install third-party antivirus software on your computer? We asked the experts.
Vulnerabilities in Apple’s systems
The belief that Macs are fairly resilient to malware isn’t just idle fanboy-ism. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.
And Macs really do have some stellar built-in tools that protect you right off the bat. For example, when you download an app off the internet, your Mac checks it against a list of known malware apps using XProtect. It works invisibly in the background, meaning it needs no maintenance or activation and doesn’t slow down your Mac. Gatekeeper, meanwhile, will prevent the app from opening without your permission if it hasn’t been digitally signed as safe by Apple. And now, Apple has even started notarizing apps so that they can prove they are trustworthy.
On top of that, all apps are sandboxed, meaning they can only do what they’re meant to do, without being able to access critical system infrastructure and settings.
But there are gaps in the armor that protect Mac users’ systems. The MacOS layer of security relies on Apple adding quarantine tags to suspicious or outright malicious software, which in turn results in the warning dialogue you see when you try to open them.
Thomas Reed, Director of Mac & Mobile at security firm
told me that the defenses aren’t as comprehensive as it seems. “Adding that flag is not a requirement, and not all software does [it],” he explained. “For example, torrent software often doesn’t, while at the same time being used heavily in piracy.”
In addition, XProtect’s list of malicious file signatures is hardly all-encompassing. Reed explained that it only checks files against 94 rules, “a tiny fraction of the rules found in any more powerful antivirus engine.” Kirk McElhearn, co-host of Mac security firm Intego’s podcast and a writer on malware topics, concurs that XProtect only looks out for “a handful of strains of malware.”
What about the new security features in MacOS Catalina? Apple says apps will require your permission before accessing your documents, desktop files, iCloud Drive, and external drives, plus it’s promising greater security thanks to a dedicated system volume for the operating system and the T2 Security Chip in new Macs.
However, Reed still doesn’t believe these go far enough. He told me that Gatekeeper still won’t perform a signature check on non-quarantined apps on launch, meaning a malicious actor could tamper with a legitimate app and it would still be permitted to run on MacOS.
Reed also believes the nature of sandboxing on MacOS actually restricts antivirus software, at least if you download it from the App Store.
“By default, for example, [an antivirus app] cannot get access to most of the files on the hard drive. Even if you grant access to the entire hard drive, many of those files cannot be removed by an App Store app. This means App Store antivirus software is less likely to be able to detect all threats and is also less likely to be able to remove all threats.”
Where’s the weak link?
What about the common criticism that antivirus apps put an unnecessary strain on Macs, slowing them down and adding unwanted bloatware? McElhearn feels this concern is overblown.
“A decade or longer ago, the argument that antivirus software could slow down your Mac certainly may have had some merit, in some cases,” he explains. “But modern Macs generally have plenty of resources (processing power, memory, and disk speed) to allow antivirus software to protect you without any noticeable detriment to the Mac’s speed.”
Reed, however, is not so dismissive, calling antivirus apps’ performance hit a “bane” to Mac users.
“So many people still feel like Macs don’t need antivirus software that, if you convince them to install something, it’s an instant failure if performance takes a hit,” he laments. If you’re going to install an antivirus app, then, you need to find one that’s not only trustworthy but fast, too. If your Mac slows to a crawl while your antivirus app is conducting a scan, you’ll soon run out of patience — potentially putting yourself at risk.
There are further indications that we are often the weak link. Reed argues that Apple’s in-built protection systems do a poor job of detecting adware and potentially unwanted programs (PUPs), things that he describes as “the most prevalent” threats to Mac users today.
If you fall victim to Mac malware, he argues, it’s less likely to be at the hands of a traditional virus and more likely to be due to you being tricked into installing malicious software masquerading as a trustworthy app — Mac Defender being a well-known example.
McElhearn, meanwhile, argues that relying purely on the systems that Apple has implemented isn’t enough. For example, while Gatekeeper can block apps that originate from third-party or untrusted developers, it can easily be bypassed by the user with a couple of clicks.
While Gatekeeper gives you plenty of warning that ignoring its checks is a bad idea, it still lets you do it with relative ease.
Both points cut to the heart of the biggest vulnerability in Mac security: Us. Humans are fallible creatures, open to manipulation or just plain laziness.
We may think that an app has been unnecessarily flagged by Gatekeeper (or get “dialogue fatigue” and allow it to run without thinking), thereby inadvertently opening the door to malware. Or we may see a well-made forgery of a trustworthy website, leading to us giving away our bank details to fraudsters and malcontents.
In cases like these, neither your Mac’s layers of built-in security nor third-party antivirus apps can offer you 100% protection.
A multipronged approach
It’s evident that you should install antivirus software on your Mac (we’ve already scouted out the best options for you). But as we said earlier, there are some important caveats and additional precautions you should take.
A quick and efficient antivirus app is a vital tool for keeping your Mac safe.
Your antivirus software will certainly help, but it can’t do everything for you. Every computer owner needs a touch of common sense to keep their system safe. For instance, you should never install questionable downloads or follow suspicious sites that ask you to install an app like Adobe Flash Player.
As long as you strive to avoid these types of mistakes, your antivirus software should catch anything you or your other security measures have missed.
To sum up: You should install antivirus software on your Mac, but make sure to find one that doesn’t slow down your computer too much, and always use plenty of common sense. With all that, you stand a good chance of keeping Mac malware at bay.