Antivirus for Mac
Do a search on your preferred search engine and you’ll find mixed results. From the actual antivirus companies advertising stating you really need antivirus software on your Mac to various blogs, forums and websites that state you really don’t. So which one is it? Do you or don’t you? I’ll state my case and have you make up your own mind.
Virus VS Malware
In my opinion, a virus is malware (MALicious SoftWARE) and malware is a virus, no real need to separate the two terms anymore as the lines between the definitions blur and you don’t want either of them on your machine. I think viruses are slowly getting extinct and malware is taking over. Someone that puts a significant amount of time, and possibly money, into creating malware wants more than just play a prank or destroy a user’s system which is typically what a virus does. It makes much more sense to put that effort into creating something that can steal data, credit card information or use the user’s computer resources, which is typically what malware does. No viruses have been found in the wild that affect Mac but there definitely is malware for the Mac OS out there. So far in 2013 alone there have been 3 active malware found for Mac. One is just AdWare that installs on your system, modifies your browser which results in you seeing a lot more advertisements. This one is called Okaz and was around in April. Another piece of malware exploited a vulnerability in Office for Mac, named CallMe, in April. Before that there was Pintsized, this created a back door allowing a hacker to gain access to your Mac and steal your data and information. This was in february. So malware for Mac exists and can infect your Mac too.
OS X’s built in security
While the Mac OS is a very robust and generally safe OS, as described above, threats exist. Not nearly as many as there are for Windows but as Macs become more and more popular and the user base grows, so does the interest of malware creators. With more people to target, it justifies the time and money used to write the malware. Since 10.6 Snow Leopard Apple offers built in malware protection which alerts the user if a file is opened containing malicious code. This feature has been enhanced and malware definitions have been added over time and is known as XProtect. Also there is GateKeeper, announced in 10.7 Lion, which will alert the user if the application or document they are about to open came from a potentially untrusted source (internet). Decent defenses which can keep some of the malware out but in a test I recently did I found XProtect severely lacking and GateKeeper more often than not ignored by users who have come to think of it as annoying rather than a helpful security measure. So GateKeeper gets ignored and XProtect does not do what it is supposed to do (I’ll cover this later on in this post). What defenses are you left with?
You are your first defense, or at least, you used to be
Not installing software you don’t know, trust or know where it came from. Not visiting shady websites. Don’t click on links in poorly written phishing e-mails. You know the drill and you think you are doing a good job keeping the malicious code away from your system. Unfortunately this is not enough anymore. The previously mentioned Okaz was put on systems that installed VLC player and UnrarX, trusted applications that have been around for a long time, who could have known the installers were altered to install AdWare? Big name companies and websites get hacked or compromised more and more often, your banking website could be one of them tomorrow and you won’t know. Just an example. Trusted sources are no longer trusted, any website can be compromised, any installer can be altered, anything online is a potential risk. So, one less defense you can really count on.
So not as protected as you thought you were, still, malware for Macs is rare
Compared to Windows the malware statistics for Mac are very small indeed but, and i’m sorry to say, Mac users are much more gullible than Windows users when it comes to installing / downloading / accepting / opening files. Simply because ‘The Mac can not get infected with a virus” is still the Nr 1 belief for many users out there. This is something the MacDefender malware made a very successful play on in 2011. Posing as a fake antivirus it would tell users their Macs were infected with trojans, malware and viruses. Random porn sites would pop up enforcing the belief the Mac was infected. No way?! What to do?! Please MacDefender, clean them from my Mac, sure, here is my credit card info, please fix it! Money gone, malware still on your Mac (MacDefender) and all other reported viruses and trojans didn’t exist. MacDefender successfully infected hundreds of thousands of Macs and the only reason it was able to do so was because Mac users were (and still are) not vigilant or aware that threats for Mac are real. Flashback is another example. Malware for Mac is real, an active threat and it can infect your Mac without you knowing even if you áre being careful.
So how do you defend your Mac and your data?
You guessed it, antivirus software! Yes it is needed, has been needed for a while and will only become more necessary in the future.
AppleSerialNumberInfo.com tested every available Mac Antivirus in late 2012, the most extensive test done for Mac antivirus software. At the time the testing was done on multiple Macs and a few malware samples were available. This test was done because they also believe Macs need antivirus software and they wanted to show what the best options out there were. They took into account how many of the samples were detected, what the performance impact on the various systems was and of course how the antivirus software itself behaved. A great test that has helped many visitors since decide on which software to use and which software to stay away from. There were a few problems with the tests though. First, not enough malware samples from different malware families to really give an accurate reading on detection rates. Second, as new malware was discovered and applications were updated, more tests had to be done to ensure the results were accurate and up to date, this takes up a huge amount of time they did not have so the results became outdated (not obsolete though).
SecuritySpread.com is proud to take over from them. I am currently taking the existing test and updating it. More malware samples, refined testing methods and detection rate updates that can be done as soon as new malware samples are added to the database. It will take some time to get the tests done for every available product and to avoid confusion I will not posts the results of a tested app until I am completely done.
In the tests I am currently running i have found that XProtect is, in my opinion, almost useless. It only detects a very limited amount of malware families. Each malware family has multiple samples. For example MacDefender was changed several times resulting in MacProtector, MacShield, different files installed in different locations on the Mac etc. Each one is a sample. XProtect does not recognize all samples so malware can still be installed on the system. Out of the test I did with 189 Mac malware samples, only 10 were detected. Not only that, Macs that are already infected will not receive ANY help from XProtect as it only checks software that is about to be installed, not what’s already on the system. Since XProtect can break and is usually not updated immediately when new malware is discovered, this can still leave a lot of Macs vulnerable to infection.
Have a look at the above mentioned website if you are interested in getting your Mac protected with an antivirus, there are paid and free options. Once the tests have been updated i will post the results immediately.
