Do I Need An Antivirus Software For My Mac?

A few years back if someone had asked me if their Mac requires an antivirus, I would have said “Are you joking? Dude Mac is so secure I don’t think even God himself would be able to infiltrate it with a virus” (Yes these would have been exact words).

With the rising popularity of the Mac, hackers and other cybercriminals have started to target the macOS as their exotic destination for chaos too.

Surprisingly, even with all these challenges, Apple has stood its ground and has made sure that macOS can retain the tag of the most secure OS.

In this article, MacSecurity will review various antivirus software and help you answer the question "do I need an antivirus software for my Mac".

Related: How to Remove Malware on Mac

Do I Need An Antivirus Software For My Mac?

Can Macs get viruses?

More accurately, the term malware would be used instead of the overused word "virus." The ability to replicate and spread is what gives computer viruses their name. Malware comes in various forms, and viruses are just one of them. Sadly, the Mac has been the target of some of these attacks.

Adware: After being installed on a Mac, this malicious software will display pop-ups and adverts for software, most likely for Potentially Unwanted Programs like those we'll cover next. Malwarebytes states that "adware and PUPs have not been targeted by macOS' built-in security measures to the same extent as malware, leaving the door open for these borderline apps to infiltrate."

Known examples of potentially unwanted programs (PUPs) are Advanced Mac Cleaner, Mac Adware Remover, and Mac Space Reviver. Due to the unfavorable reputations of some of these programs, the number of Macs infected has decreased, according to Malwarebytes, which is part of the reason why these apps tend to hound users. So it appears that at least some people are becoming aware of these dubious programs.

Ransomware: It has been discovered on Macs, albeit the most recent instance, ThiefQuest/EvilQuest, wasn't particularly effective (in fact some would suggest it was pretending to be ransomware, but actually it was just transferring data). In either case, it was promptly located and put an end to.

Criminals have tried to utilize Macs to mine bitcoin and other cryptocurrencies, as seen in the instance of LoudMiner (aka Bird Miner).

Spyware: Criminals value our data, and it is the purpose of spyware to collect this data. The Pegasus spyware, which is known to have infected some iPhones, is one example of this. This was a significant enough problem for Apple to declare that they will notify consumers of spyware attacks like Pegasus (more on that below).

Phishing: We've all gotten phishing emails and are aware of the risks, but how can we be certain that we won't be duped by a phishing attempt to obtain our data or log-in credentials as thieves become more clever (and perhaps even learn to spell)? Perhaps you are convinced that you will never fall for a phishing scam, but what about your parents?

Malware Horse: A type of malware called a Trojan is concealed or cloaked within the software. Trojans come in a variety of forms. For instance, a Trojan might allow hackers access to our machines through a "backdoor," allowing them to view files and steal your data. In essence, the term "Trojan" refers to the process by which the malware enters your computer.

Hack using USB or Thunderbolt: Malware has occasionally been installed on Macs using a customized USB cable. Even yet, there have been Thunderbolt security issues that are covered in this article: How to defend against the Thunderbolt security hole on your Mac. Likewise read: Are Macs hackable?

These incidents prove that malware on the Mac poses a hazard, and it's possible that there will be more incidents in the future. The Silver Sparrow malware attacked both M1 Macs and Macs with Intel CPUs immediately after the M1 Macs were released in November 2020.

Do I Need An Antivirus Software For My Mac?

Mac comes with many built-in security features to keep it safe. The reason macOS is so secure is that it is based on the Unix Kernel (which itself is very secure).

Unix is also the predecessor behind popular operating systems like BSD and Linux. All these OS are known for their reliability and security thanks to a robust permissions system.

Take a look at how Macs are protected.

Xprotect

Mac also comes with an inbuilt anti-malware scanner called Xprotect which is a proprietary technology created by Apple.

Xprotect scans and checks every file against the known macOS malware definitions. In case it finds something suspicious, it will flag the particular file and show a warning.

These malware definitions are updated along with the system updates.

Gatekeeper

By now, you must be well-versed in a character called Heimdall from the Thor movies. He is the protector of the nine realms and makes sure that he keeps a watch on Bifrost.

If you’re a non-comic book person then in simple words he is like a security guard of a big corporate office. So Mac also comes with built-in software to protect itself from unknown applications. The name of the application is Gatekeeper (Yes that’s the name, how original).

This Gatekeeper blocks the applications that either aren’t signed with an Apple-issued developer certificate or are not downloaded from the Mac App Store. Sadly the developers who want to create free, open-source apps won’t have a certificate as they have not entered the Apple Developer Program.

Such apps will also be under the radar of the Gatekeeper. In case you trust this unsigned app, you can go to System Preferences > Security & Privacy, and then click “Open Anyway” after you attempt to open the app.

Sandboxing

Apple also has built-in security measures against the Apps which are downloaded from Mac App Store or which have an Apple-issued developer certificate.

Such apps are executed in a secure environment called Sandbox which allows them to perform their purpose and nothing else.

When you run an app in a sandbox, you limit what it can do and provide additional permissions based on input.

SIP

System Integrity Protection (SIP) protects the most vulnerable parts of your Mac, including system directories.

Apple prevents apps from accessing these areas, thus limiting the amount of damage caused by the rogue software.

SIP also protects preinstalled apps, like Safari and Finder from any malicious code injections so that the behavior of the application is not modified.

Malicious Ghosts of the Macs Past

All the security features mentioned above protect your Mac from attacks, but the reality is even bitter and no platform is immune. There are new instances of macOS malware being discovered every year.

Many of these go undetected through Apple’s security either by design or by exploiting a security flaw.

A few of the known malware attacks are:

• OSX/Shlayer – OSX/Shlayer (also known as Crossrider) is a type of adware that infects Macs via a fake Adobe Flash Player installer. This fake flash player which people had downloaded through a BitTorrent site installed various dangerous apps on the Mac. A few of these apps are Chumsearch Safari Extension, Advanced Mac Cleaner, MyShopCoupon+, Media Downloader, and MyMacUpdater.
• OSX/CrescentCore – OSX/CrescentCore is a type of malware that was discovered in 2019. It disguised itself as an Adobe Flash Player installer disk image. This malware installed additional apps like Advanced Mac Cleaner, LaunchAgent, or a Safari extension, and then exploited unprotected machines. OSX/CrescentCore was difficult for Apple to catch as it was signed with a developer certificate.
• OSX/Linker – I previously mentioned how certain malware takes the advantage of a security flaw. Such is an example of OSX/Linker which was discovered in 2019 and took the advantage of a “zero-day” flaw in Gatekeeper. OSX/Linker was able to slip past Gatekeeper as Apple hadn’t patched the security flaw( which was first reported earlier the same year.)
• OSX/Keydnap – OSX/Keydnap is a type of malware that infected the popular BitTorrent client called Transmission. It stole the login details from the system keychain and created a backdoor for future access to the system. Similar to OSX/Crescent Core even this was not detected by Gatekeeper as it was signed with a legitimate certificate.
• LoudMiner – LoudMiner was a cryptocurrency miner that was discovered in Ableton Live 10. It installed a virtualization software that ran a Linux virtual machine and used system resources to mine cryptocurrency. 

All the above examples were regarding the software part of the Mac but in one such case, even the hardware of the Mac was compromised.

Back in 2018, it was discovered that all Mac CPUs that were sold in the last two decades had some serious security flaws. These flaws which were known as Spectre and Meltdown allowed the attackers to access the part of the system which was known to be protected.

Apple later patched its OS against Spectre and Meltdown.

Even though Apple has a very strict review process for the apps that need to be hosted on its App store, there are few cases where certain apps were able to pass through it.

A few of these malicious apps are Adware Doctor, Open Any Files, and Dr. Cleaner. All these apps disguised themselves as legitimate anti-malware software.

• However, they send information like browsing history and currently running processes to servers in China. As these apps came from the Mac App Store, Gatekeeper allowed them to run without any additional checks.
• Thanks to sandboxing rules, the apps were not able to cause any harm to the system but they were able to steal the information which is still a major security breach.

These are a few examples of MacOS security problems in recent years. Even though Apple patched its OS against all the above threats, the damage caused to the users was still significant.

How You Can Reduce Your Risk of Infection

• Make sure your Mac is up to date – First and foremost, keep your Mac up to date. As mentioned above Apple releases various patches to protect the Mac from security vulnerabilities. To update your system, just go to System Preferences > Software Update to check for updates. You can also enable the setting to install updates automatically.
• Do not download Apps from unknown sources – Most of the time your Mac can be infected if you downloaded an application from an unknown source. Make sure the application you’re downloading has either come from the Mac App Store or is signed with a legitimate developer certificate. Even if you’re planning to install an unsigned app, do make sure the source is trustworthy.
• Be careful when connecting to public Wi-Fi networks – Man-in-the-middle attacks usually occur over public hot spots, and these attacks can allow cybercriminals to spy on your traffic. So if you’re planning to connect to a public network make sure you do it through a VPN.
• Avoid any suspicious emails – Sometimes hackers can also send attachments through emails that can contain malware. It’s always good to verify the authenticity of the sender before opening such emails.

Which Mac Security Software Should You Install?

Even though Apple recommends you do not need a third-party antivirus, it is always good to keep a backup in case Apple hasn’t patched their OS or if the Gatekeeper has allowed some rogue application.

The third-party antivirus might sound bad as per Apple standards but you never when your Mac might get infected by malware or virus. To start with for a basic malware removal tool, you can install Malwarebytes.

The free version of Malwarebytes will scan your Mac for malware and remove anything it finds. If you want real-time protection you can even go for Malwarebytes Premium.

These apps are some of the top security known for Mac.

• Intego Mac Internet Security X9
• Bitdefender Antivirus for Mac
• Avast Premium Security
• Kaspersky Internet Security for Mac
• Sophos Home Premium

How do I know if my Mac is infected?

Well, there are some sure-shot signs that you might notice on your Mac if it’s infected with a virus. Normally, if your Mac has been infected, it would act in the following way:

• Your Mac would be slower than normal, this could be a sign of someone accessing your system to run a DDOS attack.
• You would begin to receive security alerts, even though you have not scanned your system yet.
• The browser's homepage would be different compared to how it was earlier. Here you might notice a couple of new tabs or icons which would indicate that your browser has been infected.
• Your Mac would bombard you with unwanted ads.
• There are times when you might not be able to access your personal information or system settings. This might be due to ransomware or malware that has attacked your Mac.

Do I Need An Antivirus Software For My Mac - Conclusion

To summarize, Installing an antivirus is all dependent on you. So if you feel it’s a necessity, as a safety measure you can install an antivirus. Make sure the antivirus you’re going for doesn’t slow down your Mac.

Also, do watch out for fake antivirus present online. Most of these will be malware disguised as legitimate software.  Do remember you can always keep your Mac safe by following the basic security practices mentioned above.

Apple does a pretty good job of protecting your Mac with its constant updates and its in-built security tools.

Also Read:

• How to Delete Spyware on Your Mac
• How To Check iPhone For Viruses Or Malware
• What Is A Trojan Horse?