By Steve Kelly
There's one myth regarding Apple that just won't seem to die no matter how much evidence is presented to the contrary: "Macs are more secure and there isn't any serious malware for Macs."
Let's address this myth in the context of the year to date. Then we'll examine what users of Apple products can and should do to protect themselves.
Mac Malware Is No Myth
Less than three months into 2018, more distinct new samples of Mac malware have already appeared than in any comparable stretch before.
The year began with the discovery of OSX/MaMi, malware that points an infected Mac to malicious DNS servers and injects a root certificate authority, making it possible for the malware developer to behave as a man in the middle—even on sites that encrypt their traffic using HTTPS.
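The two OSX/MaMi behaviours just described, a rewritten resolver list and an injected root certificate, are both things a user can check for. The following POSIX shell script is an added example and not part of the article or Intego's tooling; it compares captured `scutil --dns` and `security find-certificate -a -Z` output against a resolver allow-list and a certificate-hash baseline, and the captured output formats, the allow-list and the sample values are assumptions.

```shell
#!/bin/sh
# Illustrative defender checks (added example, not Intego's or Apple's tooling) for the
# two OSX/MaMi behaviours: hijacked DNS resolvers and an injected root CA.
# Each check reads captured command output from a file, so on a Mac you would first run
#   scutil --dns > dns.txt
#   security find-certificate -a -Z /Library/Keychains/System.keychain > certs.txt
# Assumed line formats: "nameserver[N] : A.B.C.D" and "SHA-1 hash: <hex>".

# Print every resolver address in a scutil --dns capture ($1), deduplicated.
resolvers_in() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ { print $3 }' "$1" | sort -u
}

# Return 0 only if every resolver in capture $1 appears in the space-separated allow-list $2.
check_resolvers() {
    status=0
    for r in $(resolvers_in "$1"); do
        case " $2 " in
            *" $r "*) ;;
            *) echo "UNEXPECTED resolver: $r"; status=1 ;;
        esac
    done
    return $status
}

# Return 0 only if every certificate hash in capture $1 is listed in baseline file $2
# (one hash per line, recorded earlier from a known-clean Mac).
check_root_cas() {
    status=0
    for h in $(awk '/^SHA-(1|256) hash:/ { print $3 }' "$1"); do
        grep -qix "$h" "$2" || { echo "UNEXPECTED certificate hash: $h"; status=1; }
    done
    return $status
}

# Constructed sample captures (fake addresses and hashes, not real MaMi indicators).
WORK=$(mktemp -d)
DNS_SAMPLE="$WORK/dns.txt"; CERT_SAMPLE="$WORK/certs.txt"; CA_BASELINE="$WORK/baseline.txt"
printf '  nameserver[0] : 192.168.1.1\n  nameserver[1] : 203.0.113.53\n' > "$DNS_SAMPLE"
printf 'SHA-1 hash: AAAA0001\nSHA-1 hash: BBBB0002\n' > "$CERT_SAMPLE"
printf 'AAAA0001\n' > "$CA_BASELINE"
KNOWN_RESOLVERS="192.168.1.1 8.8.8.8"

# Both sample captures contain one entry outside the baseline, so each check reports it.
if check_resolvers "$DNS_SAMPLE" "$KNOWN_RESOLVERS"; then echo "resolvers: OK"; fi
if check_root_cas "$CERT_SAMPLE" "$CA_BASELINE"; then echo "root CAs: OK"; fi
```

Run the checks right after capturing the output on the Mac in question, and keep the baseline file somewhere the machine under inspection cannot alter it.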
Three independently developed Mac remote access tools (RATs) have already been detected this year. CrossRAT is associated with Dark Caracal, an allegedly nation-state sponsored advanced persistent threat (APT) campaign. Coldroot, although developed in 2016 and released in 2017, was finally discovered in February 2018. A new variant of EvilOSX was released in February.
Intego discovered a brand-new Mac malware dropper in February, OSX/Shlayer. It comes in the form of a Trojan horse masquerading as an Adobe Flash Player update, but what makes it unique is that it uses code-signed shell scripts to download additional undesirable software; we observed variants that downloaded various Mac adware packages.
At the beginning of February, a malware developer tricked a popular Mac software aggregation site into replacing its download links to point to infected copies of Mozilla Firefox and two utility apps. The infection, OSX/CreativeUpdater, would download cryptocurrency mining software and run it in the background.
In March, Apple's own App Store even had some shady software slip past the review process. A calendar app was causing Macs to run slower, louder (due to increased fan noise), and hotter than usual, among other undesirable side effects—all resulting from the addition of a cryptocurrency miner. After media attention, Apple pulled the app from the App Store.
Threat actors will continue trying to hijack others' computing power to mine cryptocurrencies for as long as they believe they can profit from it. Time will tell whether ransomware (quite the hot topic a year ago) regains some popularity if malware developers are unsuccessful in making as much money as they'd like from surreptitious mining operations.
Macs Aren't More Secure
While Mac users would like to believe that their systems are secure, the truth is that Macs really aren't more secure than Windows PCs.
In the early days, Windows was susceptible to viruses while Macs were generally safe from that subcategory of malware, so the old saw that "Macs don't get viruses" was a fairly true statement. These days neither operating system is highly susceptible to viruses, but both are susceptible to vulnerabilities and malware.
One notable example this year of insecurity parity is the Meltdown and Spectre vulnerabilities. Macs have used the same Intel processors as PCs for more than a decade, and Apple had to release Meltdown and Spectre patches for macOS, just as Microsoft and many other companies were obliged to do for their products. Incidentally, several Apple products that don't use Intel processors—namely iPhone, iPad, and Apple TV—were also affected by Meltdown and Spectre and required operating system updates.
And similar to Microsoft with its monthly patch cycle, Apple also releases security updates on a regular basis—sometimes multiple times per month—as needed to address critical security vulnerabilities in its products.
Patrick Wardle, a researcher who frequently discovers major Mac security vulnerabilities, recently opined that "Windows does security better than macOS."
Given the beating that Microsoft took for years from malware such as Melissa, Code Red, Nimda, Blaster, and others, it's no surprise that Microsoft stepped up its security game by including active malware protection as a basic Windows feature, offering multiple bug bounty programs, and so forth.
Apple's efforts are paltry by comparison; its attempts to block malicious downloads have only slightly improved since 2011, and there isn't even a bug bounty program for macOS. For a company that has cash reserves of over $285 billion—twice as much as Microsoft, and far more than any other company in the world—Apple could certainly afford to do a lot more to protect Mac users.
What Can Mac Users Do?
In spite of these challenges, there are six basic steps that every Mac user can take to protect their systems.
1. Only Download Software from the Official Source
Whenever possible, download apps from the App Store. If you need software that isn't available from the App Store, go to the developer's official site to obtain it; don't attempt to find it through a third party.
2. Only Use Software with a Good Reputation
Read reviews before you download an app. Take a minute or two to learn about the developer. If you find potential red flags, find out whether a more reputable alternative is available.
3. Keep Your Operating System and Applications Updated
One of the most important things you can do is to upgrade yearly to the latest release of macOS, which usually includes new security enhancements. Although Apple often releases security updates for the current and two previous versions of macOS, some vulnerabilities are patched late, or never, on the older versions. Also, whenever Apple releases security updates, don't put off installing them.
4. Don't Connect to Insecure Wi-Fi Networks
Avoid connecting to insecure wireless networks that don't require a password. Even if a Wi-Fi network requires a password, you cannot assume that nobody can eavesdrop on your traffic. Use a VPN from a trustworthy provider to safeguard your Internet use from snoopers.
5. Implement a Solid Backup Strategy
Keep in mind the 3-2-1 backup principle: You should always have at least three copies of your data, two of which are local and on different types of storage, and one that's in a secure, off-site location.
6. Use Security Software from a Trusted Company
Since the Mac's built-in defenses against malware are neither sophisticated nor comprehensive, use anti-virus software and an outbound firewall from a respected security company.
It's a myth that Macs are inherently more secure and don't get malware. The same types of threats and threat actors that target other platforms are also targeting Macs and will continue to do so. Moreover, attacks such as cryptojacking and phishing campaigns are universal and can affect any platform. It would be unwise for anyone to smugly assume that they'll never be the victim of an attack. Be open to the possibility that it could happen to anyone—even a Mac user.
Users who remain proactive in safeguarding themselves will certainly be a lot safer than those who don't. If you know a Mac user who isn't very security-aware, kindly consider sharing this article with them; you might save them from becoming the next victim.
About Steve Kelly
Steve Kelly is President of Intego & Flextivity and has been a visionary leader in the software and technology industry for nearly 25 years with experience in both early phase start-ups and some of the largest public companies. In 1995, Steve was a co-founder at Kaspia Systems (Enterprise Network Management software), which was acquired by Visio in 1998.