Is Mac Malware a Threat Yet?

Malwarebytes discovered Fruitfly malware for Macs

Dr. Mac’s Rants & Raves
Episode #233

With McAfee Labs releasing its Threats Report last week, malware is once again in the news. (See 2017 McAfee Threat Report Shows Spike in Mac Malware, which Jim Tanous wrote for TMO last week, for example).

Malwarebytes discovered Fruitfly malware for Macs
Dr. Mac still hasn’t found a need for continuous monitoring malware protection on his computers

What IS Malware, Anyway?

Let’s start by defining malware (courtesy of Wikipedia):

Malware (short for malicious software) is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including viruses, worms, Trojan horses, ransomware, spyware, adware and more.

The McAfee report claims around 250,000 new instances of macOS malware in the first quarter of 2017 (out of a total of just over 700,000). But, here’s the thing… While it may be true there’s more Mac malware these days, the report goes on to say,

During the past three quarters, new Mac OS (sic*) malware has been boosted by a glut of adware.

Here’s how I read that: The number of instances of Mac malware went up, but we’re not seeing more of the really bad stuff like viruses, worms, Trojan horses, ransomware, and spyware. Instead, we’re seeing more and more annoying adware.

Does YOUR Mac Need Protection from Malware?

Moving right along, whenever malware is in the news, people ask me what I use to protect my Mac from malware. I (still) say, “nothing,” as I have since time immemorial.

That’s not to say there aren’t real threats to Mac users—there are. And that’s not to say you might not want to run anti-malware protection—and perhaps you should.

But here’s why I eschew running anti-malware stuff on my Mac:

First and foremost: I don’t engage in (much, if any) risky behavior. I don’t click links in emails from strangers, download apps from questionable sources, use questionable media, or visit questionable web sites. I keep versions of macOS and all of my web browser(s) up to date on all my Macs. And, as you have probably noticed, I’m also obsessive about redundant backups.

So, even if one of those bad things did happen to me, it wouldn’t take me long to recover.

The other thing is that I’ve never used anti-virus or anti-malware software that didn’t cause me issues. Some slowed my Mac down; others gave too many false alarms; others seemed to do nothing at all, leaving me wondering what if they were doing anything at all…

The Bottom Line (for Me) on Malware

The bottom line for me is that Apple’s built-in Gatekeeper technology and common sense have kept me safe from malicious attacks for years. I still see no good reason to run a third-party anti-malware utility on my Mac. And since I don’t use one, I have no recommendations.

If you feel you need third-party protection from malware, Macworld UK posted an excellent article last week called, Best Mac Antivirus 2017, which includes general buying advice, answers to Mac security questions, performance testing, and the 8 best Mac antivirus options and an explanation of how they were tested.

One last thing: Most of Macworld’s picks offer a free trial. I recommend using it to determine whether you find running the software annoying (as I do) before you pay for it.

Caveat Emptor.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments

People seem to think that Mac malware is getting more dangerous. At least that’s the impression I get from all the mainstream and not Mac specific sources publishing new materials on mac malware and orevention, even tackling mail security, it seems
But even they acknowledge it’s more overthinking than any actual immediate threat. It’s worth being sure and safe, but i still believe Mac is the safest platform when it comes to viruses, malware and all that stuff.

Kate Mackenzie

Malwares and cyber attacks have been too much this year but i dont think its russia who has been the one doing the attacks. I think they are being used as scrapegoats. Anyway those infected can use this guide to remove the malware from their systems

Lee Dronick

Yesterday on NPR Radio I caught the end of a story about how the Russian intel agencies inspects cource code of software. If you don’t submit your code then you get stonewalled trying to get import documents for your products.

From I understand the recent ransomeware attack started with some Ukrainian tax software.


Absolutely, McAfee is utterly untrustworthy. They are on the level of Symantec. Their packages are themselves malware. I don’t trust anything either of them say because it is in their interest to make the situation look far worse in order to increase sales. And I do agree, the risk is lower with a Mac, but it is growing. The bad guys, and I include various government sponsored bad guys, are trying very hard to break in. They want in both to steal stuff and to use the system as a bot. In the end it matters little if the infection… Read more »

Scott B in DC

I think I commented on this report when it was discussed before. IT’S FUD! There is no factual or statistical basis for McAfee’s assertions. It looks like they just threw some numbers against the wall to see what sticks. And so on… I’m really tired of the FUD. While I don’t think the Mac is perfect and there are vectors, specifically with Safari like with any other browser because the browser model is broken, the risk to Mac users are lower than for their Windows counterparts. But if it makes you feel better to feed McAfee and their compatriots your… Read more »


–housekeeping post, ignore–


Wait… So if the malware blocker reminds you it’s there doing its job that’s bad, but if it does its job in the background without interrupting you that’s worse? I’ve used both Sophos and Avast. They haven’t caused any performance hit that I noticed. When I wanted to scan something it was easy. Occasionally they’d either warn me, or I’d check and find something in it had moved to quarantine and I would delete it. When I check the reports I find enough things they catch to make it worthwhile to me. I keep in mind several things 1) I… Read more »