Apple Finally Recommends Antivirus Protection 2022
Apple Recommend Antivirus for Mac
It seems as if the pot has finally called the kettle black. After routinely needling Microsoft and PC users for having to run antivirus programs, Apple has finally recommended that owners of its hardware use similar software to protect their computers.
Traditionally, Apple hardware and the Mac operating system have been free from viral or spyware attacks for one very simple reason: too few people actually use those systems. From a spyware goon’s perspective: if only about 5 per cent of computer owners are Apple users, then why design a spyware program or hack for such a small segment of the population?
What Antivirus Software Does Apple Recommend for Mac?
Now that Macbooks are becoming more popular and Apple’s star is rising, so too is the chance of an infection. Thus, in an article issued last week, the Cupertino-based company recommended the “widespread use” of at least one — preferably more than one — antivirus program to protect against security threats.
The trick to using more than one program would be to avoid falling into the “one-trick pony” trap, with hackers learning the one program Apple users turn to for protection. Many hackers design virus programs that can easily circumvent one or two different types of defenses, but the more security formulas there are on the market, the harder they will be to crack.
So, what does Apple recommend, specifically?
If users were to select one program, Apple recommends it be Intego’s VirusBarrier X5, followed by McAfee VirusScan for Mac and Symantec Norton Antivirus 11.
Apple’s ad campaign has changed with its position on the need for antivirus support. In 2006 it poked fun at Windows’ weaknesses; now, it subtly adds to company frequently-asked-questions that users should upgrade. Although it still markets the Macbook and Mac OS X as a safer bet for buyers seeking security, the prose has been toned down significantly.
What are the latest Mac viruses and threats?
There are various ongoing threats to those using a Mac, including phishing attacks, fake malware, adware, browser hijackers, and more. Of those, the one making the biggest impact is the Shlayer Trojan, which hit 10 percent of the Macs monitored by Kaspersky in 2019, according to that company. (It’s not a new threat, though, having been around since February 2018.)
OSX/Shlayer (also known as Crossrider) is a variant of adware that infects Macs via a fake Adobe Flash Player installer. The fake Flash Player, which you would have to pick up from a BitTorrent site, according to Intego, installs various apps on your Mac, including: Chumsearch Safari Extension, Advanced Mac Cleaner, MyShopCoupon+, mediaDownloader, and MyMacUpdater.
Newer, but no less damaging, threats include OSX/Newtab, which appeared in December 2018. According to Malwarebytes this is part of an “adware family that attempts to redirect searches in the web browser for the purpose of earning illicit affiliate revenue.” Malwarebytes says that it is “often spread through fake flight or package tracking pages, fake maps, or fake directions pages”. This threat attempted to add tabs to Safari and was digitally signed with a registered Apple Developer ID. Apple has since changed the way extensions work in Safari so it is no longer able to infiltrate Safari – but it is still a risk for Chrome users.
The Case for a Third-Party Antivirus
These security features all help protect your Mac from attack, but no platform is immune. New instances of macOS malware are discovered every year. Many of these slip through Apple’s defenses by design, or they exploit a “zero-day” security flaw Apple hasn’t been able to patch.
In June 2019, OSX/CrescentCore was discovered posing as an Adobe Flash Player installer disk image. The malware installed an app called Advanced Mac Cleaner, LaunchAgent or a Safari extension, checked for antivirus software, and then exploited unprotected machines. OSX/CrescentCore was signed with a developer certificate, so it infected machines for days before Apple caught it.
A month earlier, malware known as OSX/Linker took advantage of a “zero-day” flaw in Gatekeeper. Since Apple hadn’t patched the security flaw when it was first reported earlier in the year, OSX/Linker slipped past Gatekeeper.
Hardware is another point of weakness in the chain. In early 2018, it was discovered that almost every CPU sold in the past two decades was affected by serious security flaws. These flaws became known as Spectre and Meltdown—and yes, your Mac was likely affected. The flaws could allow attackers to access data in parts of the system that were considered protected.
Apple eventually patched macOS to guard against Spectre and Meltdown. The exploits require that you download and run malicious software for them to do any harm, and there’s no evidence that any Mac owners were directly affected. Meltdown and Spectre highlight the fact that even hardware outside Apple’s control can result in serious security exploits.
In 2016, OSX/Keydnap infected the popular BitTorrent client Transmission. It attempted to steal login details from the system keychain and create a backdoor for future access to the system. This was the second incident in five months to involve Transmission. Again, because the infected version was signed with a legitimate certificate, Gatekeeper didn’t catch it.
Other Mac threats in 2019 included
OSX/CrescentCore: This Mac malware was available to download from several websites, and even showed up in Google Search Results. It was disguised as a DMG file of the Adobe Flash Player installer but would actually install either a file called LaunchAgent, an app called Advanced Mac Cleaner, or a Safari extension. Before installing anything the malware would check whether there was an antivirus tool installed on the Mac. The CrescentCore malware was able to bypass Apple’s Gatekeeper because it was ‘signed’ by a known developer.
OSX/Linker: First appeared in May 2019 and exploited a zero-day vulnerability in Gatekeeper to install unsigned malware.
LoudMiner or Bird Miner: A cryptocurrency miner hidden in a cracked installer for Ableton Live.
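CrescentCore is described above as installing a LaunchAgent, the launchd job file macOS uses to start programs automatically, so a signed installer that got past Gatekeeper can still be spotted afterwards by reviewing those files. The following is an added example, not code from the original article or from Apple: it parses launchd property lists and reports traits worth a second look. The heuristics, function names and sample jobs are assumptions constructed for illustration.

```python
import plistlib
import re
from pathlib import Path, PurePosixPath

# Illustrative heuristics (assumptions for this example, not a signature set).
WRITABLE_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "osascript"}
HIDDEN_COMPONENT = re.compile(r"/\.[^./]")   # e.g. /Users/Shared/.cache/x

def audit_launch_agent(plist_bytes, plist_path):
    """Parse one launchd job definition and return its suspicious traits."""
    try:
        job = plistlib.loads(plist_bytes)
        if not isinstance(job, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception:                        # malformed XML or binary plist
        return {"label": None, "autostart": False, "findings": ["unparseable plist"]}
    label = str(job.get("Label", ""))
    raw = job.get("ProgramArguments")
    args = [str(a) for a in raw] if isinstance(raw, list) else []
    program = str(job.get("Program") or (args[0] if args else ""))
    tokens = [program] + args[1:]            # executable plus its arguments
    findings = []
    if any(d in t for t in tokens for d in WRITABLE_DIRS):
        findings.append("references a world-writable directory")
    if any(HIDDEN_COMPONENT.search(t) for t in tokens):
        findings.append("references a hidden file or directory")
    if PurePosixPath(program).name in INTERPRETERS and {"-c", "-e"} & set(args[1:]):
        findings.append("runs an inline script through an interpreter")
    if label.startswith("com.apple.") and not plist_path.startswith("/System/Library/"):
        findings.append("Apple-style label outside /System/Library")
    autostart = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    return {"label": label, "autostart": autostart, "findings": findings}

# Constructed samples: one ordinary updater, one job showing the traits above.
SAMPLES = {
    "/Library/LaunchAgents/com.example.updater.plist": plistlib.dumps({
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
        "StartInterval": 86400,
    }),
    "/Users/alice/Library/LaunchAgents/com.apple.helper.plist": plistlib.dumps({
        "Label": "com.apple.helper",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/.cache/helper"],
        "RunAtLoad": True,
    }),
}

def audit_all(plists):
    """Map path -> audit result for every job that has at least one finding."""
    results = {p: audit_launch_agent(data, p) for p, data in plists.items()}
    return {p: r for p, r in results.items() if r["findings"]}

if __name__ == "__main__":
    # On a Mac, read the real agent directories; elsewhere fall back to SAMPLES.
    dirs = [Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")]
    found = {str(f): f.read_bytes() for d in dirs if d.is_dir() for f in d.glob("*.plist")}
    for path, result in audit_all(found or SAMPLES).items():
        print(path, result["label"], "autostart" if result["autostart"] else "", result["findings"])
```

A finding is a prompt to inspect the job, not proof of malware; legitimate software occasionally trips one of these rules.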
The best way to protect yourself from the above threats is not to allow the installation of third-party software unless it’s from the App Store or identified developers, as per the Security & Privacy settings that you can access in System Preferences > Security & Privacy > General. With those settings applied, if you were to install something from an unknown developer, Apple would warn you to check its authenticity. Read on to find out how Apple protects you from malware and what you can do to protect yourself further.
Apple goes to great lengths to protect you from malware by making it almost impossible for you to download it in the first place, let alone install it. The company has built anti-malware protection into macOS. For example, before you can open a file, your Mac will check it against a list of malware, and even if there is no reason for concern it will not allow you to open an application from a developer that it hasn’t already approved.
The Mac’s malware scanning tool, XProtect, works invisibly and automatically in the background and requires no user configuration. Apple has a list of malicious applications that it checks against when you open downloaded applications. Updates happen invisibly too. This is similar to having antivirus software from another software developer running on your Mac, with the bonus that it is written into the operating system and therefore doesn’t hamper the speed of your Mac.
If you download and try to open files contaminated with malware, you may see an explicit warning that the files will “damage your computer”, along with a reference to the type of malware. You should delete the file immediately.
In addition, macOS blocks downloaded software that hasn’t been digitally signed – a process in which Apple approves the developer. This leads to the familiar error message when you try to use or install unsigned software: “[this app] can’t be opened because it is from an unidentified developer.”
The system at work here is called Gatekeeper and can be controlled via the Security & Privacy section of System Preferences – in Security & Privacy select the General tab and choose from the options underneath Allow Applications Downloaded From. The options include App Store or App Store and Identified Developers.
Security features in macOS Catalina
When Catalina launched in October 2019 Apple emphasised many of the new security and privacy features.
For one thing you will notice how Catalina forces apps to ask for permission before they can access the parts of your computer (such as where files are saved). Another change is that macOS itself is now stored on a separate disk volume (if you look in Disk Utility you’ll see your usual Home volume and a separate Home – Data volume). This means that your important system files are all completely separate and therefore more challenging to access. This should mean that no apps can get to your system files where they could cause problems.
You’ll also be seeing warnings if you try to use a weak password and a prompt to change it to something safer.
Changes to Gatekeeper (which is Apple’s solution for catching and stopping viruses and malware) include software being checked for malware and other issues every time it runs, rather than just the first time you install it. If the software isn’t from a developer that has been approved by Apple it won’t run (unless you use this workaround, and even if you do then open it, Apple will still look for known malware associated with it).
Other enhancements that arrived with Catalina in 2019 included:
- Gatekeeper will check all apps for known security issues.
- All apps must get permission before accessing user documents.
- Approve with Apple Watch.
- Activation Lock feature on all Macs with the T2 chip. This means you will be able to brick your Mac remotely.
- Find My app can relay location of a lost or stolen Mac back to its owner.
- You can easily block senders in Mail just by clicking on Block Contact.
Security features in macOS Mojave
Security enhancements that arrived in macOS Mojave in 2018 include:
- Strong password suggestions will appear in Safari when you open an account on a website. This strong password will be saved in your iCloud Keychain so that you won’t have to remember it. It’s a lot safer than using the same password you always use.
- Safari can also automatically insert codes received via SMS into the appropriate fields on a website.
- Safari will also limit Fingerprinting – which is the way a website can recognise you based on information advertisers have about you. Fingerprinting enables advertisers to target ads at you. In Safari 12 Intelligent Tracking Protection stops cookies following you around the web.
- There are also new permissions dialogs that will appear whenever software is attempting to control your Mac or access a particular function (for example the camera or microphone). It’s similar to how things work on iOS.
- If you have a Mac with a T2 chip it will handle various security features including Touch ID.
When Apple’s security measures aren’t enough
All the above is great, but unfortunately there have been cases where Gatekeeper has been bypassed because malware has got an approved developer signature. For example, OSX/CrescentCore, mentioned above, was able to bypass Gatekeeper because it was signed by a certificate assigned by Apple to a developer. It took Apple a few days to retract that certificate.
It isn’t only when malware gets a certificate from a registered developer. In the case of OSX/Linker, a zero-day vulnerability in Gatekeeper was being exploited.
Zero-day threats mean there are “zero days” to fix the vulnerabilities, although often a legitimate developer discovers the vulnerability and lets the developer know about it. There is usually a 90-day deadline for the fix to be made available. Sometimes the developer doesn’t act in time and the exploit is publicised.
Apple normally reacts quickly, although there have been cases where the company has ignored the identified vulnerability, such as when a teenager reported the Group FaceTime vulnerability that meant someone could listen in to a call and Apple failed to act.
Apple usually issues a security update to the latest version of macOS and to the two versions prior to it.
For example, in July 2019 Apple issued a Mojave update alongside security updates for Sierra and High Sierra. These updates addressed a total of 44 vulnerabilities.
Normally the advice would be to install the update immediately. However, the Sierra and High Sierra security update in July 2019 was subsequently pulled after people experienced problems after installing it.
Despite the security measures Apple has in place, from time to time there are threats to the Mac.
Apple has its own security research team, but it depends on users and independent researchers to help by reporting any flaws they find in Apple products.
To this end, Apple has an incentive program that rewards such discoveries with payments of up to $200,000, depending on the seriousness of the flaw. But it was the last major tech company to set up such a scheme. (Microsoft set up its own bug-reporting incentive programme in 2013, and was itself criticised at the time for leaving it so late.)
On 4 August 2016, Apple security boss Ivan Krstic announced the Apple Security Bounty Program. “We’ve had great help from researchers in improving iOS security all along,” Krstic said. “[But] we’ve heard pretty consistently… that it’s getting increasingly difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”
How to keep your Mac safe from malware
Apple does a lot to keep your Mac safe, but you have to work with it, installing updates when they arrive, not clicking on suspicious links in emails, not installing Flash, and so on. There are also some third-party antivirus apps you could try.
1) Keep macOS up-to-date
Despite what we said above about the security update Apple later retracted, normally the advice would be to install a security update as soon as possible.
Apple addresses flaws and vulnerabilities with the Mac by issuing updates to the Mac operating system, so it is important to keep your Mac up to date. Checking regularly for OS updates remains a key part of a sound security strategy.
You can set your Mac to automatically update as soon as a new version of the operating system is made available. Follow these instructions to set that up:
How to automatically install MacOS Catalina (and Mojave) software updates
- Open System Preferences.
- Click on Software Update.
- Tick the box beside Automatically keep my Mac up to date.
- Or, click on Advanced and choose which of these to do automatically: Check for updates, Download new updates when available, Install macOS updates, and Install app updates from the App Store.
How to automatically install High Sierra software update
- Open System Preferences.
- Click on App Store.
- Tick the box beside Automatically check for updates.
- You can choose to download the newly available updates. If you want them to install automatically, though, you need to make sure the box beside Install macOS updates is checked.
How to manually install macOS software updates
If you’d rather not let your Mac automatically update, you should periodically check to see if there is an update to your version.
- In High Sierra and earlier you can go to the Mac App Store and check for updates.
- In Mojave you need to go to the Software Update pane in System Preferences.
You may need to restart your computer once the update has downloaded. You can expect a typical 460MB download to take about 8 minutes (during which time you will still be able to work), but for a large update you will have to restart and install, and that could take as much as 20 minutes, bringing the total install time to about 25 minutes.
2) Don’t connect to public Wi-Fi networks
Beware of connecting to a public Wi-Fi network as there may be someone spying who could gain access to your passwords and other private information, or you could have your session hijacked. Snoopers can set up their own Wi-Fi hotspot, pretending to be your hotel or coffee shop, then once you have connected they can grab any data you send over it. In the past there have been flaws detected in the OS that could allow access to your Mac, such as the SSL error in an earlier version of Mac OS X that meant it was possible for a hacker to access your machine if you were using public WiFi.
3) Don’t install Flash
Intego, Malwarebytes and others recommend that you don’t install Flash Player. Fake Flash Player updates are often the means by which people install malware. For example, people want to watch or download a popular movie or TV series for free and they find a search result that leads to a request to update Flash Player in order to view the content. There is no need to install Flash Player now that HTML5 has made Flash obsolete. In fact Flash will no longer be supported as of 2020, so the advice is simple: Don’t use Flash!
4) Keep Java and Flash up to date on your Mac
If you must use Flash or Java (which is also problematic) then make sure it’s up-to-date. Vulnerabilities with Java and Flash have highlighted the fact that there are cross-platform threats that even Mac users need to be aware of. Apple blocks Java and Flash by default, leaving it to the user to decide whether to install those tools. If you do need to update them be very careful where you download updates from!
5) Avoid falling foul of phishing emails
Protect yourself from phishing attacks by not responding to emails that require you to enter a password or install anything. You could also have free software such as BlockBlock or XFence (formerly Little Flocker) installed. That way, even if you were to carry out the steps to launch the malware, it would not be able to write files or mark itself as launching on startup.
6) Don’t fall for Facebook scams
Facebook scams are usually designed to harvest data about the most gullible people, so if it seems like it might be too good to be true it probably is and you’d be wise not to share it on Facebook. At best you might just look silly and those scammers will start to target you with more scams; at worst scammers can access your personal data and that of those you share their post with. So don’t click on a link just because a friend shared it and definitely don’t give out your personal data on Facebook.
Is antivirus software necessary for a Mac?
As we’ve explained above, it’s certainly not an essential requirement to install antivirus software on your Mac. Apple does a pretty good job of keeping on top of vulnerabilities and exploits and the updates to the MacOS that will protect your Mac will be pushed out over auto-update very quickly.
However, sometimes Apple doesn’t respond as quickly as Mac users might hope. In that case, there are some free antivirus apps that might give you some peace of mind.
Beware that, because people are so concerned about malware threats on the Mac, there have been cases of malware actually disguising itself as an antivirus app. Most recently, Mac Auto Fixer pop-ups have appeared suggesting that software needs to be installed (at a high price). This is similar to another fake antivirus app called MacDefender, which has been doing the rounds for some time.