Is Mac Malware a Threat Yet?

Malwarebytes discovered Fruitfly malware for Macs

Dr. Mac’s Rants & Raves
Episode #233

With McAfee Labs releasing its Threats Report last week, malware is once again in the news. (See 2017 McAfee Threat Report Shows Spike in Mac Malware, which Jim Tanous wrote for TMO last week, for example.)

Dr. Mac still hasn’t found a need for continuous monitoring malware protection on his computers

What IS Malware, Anyway?

Let’s start by defining malware (courtesy of Wikipedia):

Malware (short for malicious software) is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including viruses, worms, Trojan horses, ransomware, spyware, adware and more.

The McAfee report claims around 250,000 new instances of macOS malware in the first quarter of 2017 (out of a total of just over 700,000). But, here’s the thing… While it may be true there’s more Mac malware these days, the report goes on to say,

During the past three quarters, new Mac OS (sic*) malware has been boosted by a glut of adware.

Here’s how I read that: The number of instances of Mac malware went up, but we’re not seeing more of the really bad stuff like viruses, worms, Trojan horses, ransomware, and spyware. Instead, we’re seeing more and more annoying adware.

Does YOUR Mac Need Protection from Malware?

Moving right along, whenever malware is in the news, people ask me what I use to protect my Mac from malware. I (still) say, “nothing,” as I have since time immemorial.

That’s not to say there aren’t real threats to Mac users—there are. And that’s not to say you might not want to run anti-malware protection—and perhaps you should.

But here’s why I eschew running anti-malware stuff on my Mac:

First and foremost: I don’t engage in (much, if any) risky behavior. I don’t click links in emails from strangers, download apps from questionable sources, use questionable media, or visit questionable web sites. I keep versions of macOS and all of my web browser(s) up to date on all my Macs. And, as you have probably noticed, I’m also obsessive about redundant backups.

So, even if one of those bad things did happen to me, it wouldn’t take me long to recover.

The other thing is that I’ve never used anti-virus or anti-malware software that didn’t cause me issues. Some slowed my Mac down; others gave too many false alarms; others seemed to do nothing at all, leaving me wondering if they were doing anything at all…

The Bottom Line (for Me) on Malware

The bottom line for me is that Apple’s built-in Gatekeeper technology and common sense have kept me safe from malicious attacks for years. I still see no good reason to run a third-party anti-malware utility on my Mac. And since I don’t use one, I have no recommendations.

If you feel you need third-party protection from malware, Macworld UK posted an excellent article last week called Best Mac Antivirus 2017, which includes general buying advice, answers to Mac security questions, performance testing, the 8 best Mac antivirus options, and an explanation of how they were tested.

One last thing: Most of Macworld’s picks offer a free trial. I recommend using it to determine whether you find running the software annoying (as I do) before you pay for it.

Caveat Emptor.

7 thoughts on “Is Mac Malware a Threat Yet?”

  • People seem to think that Mac malware is getting more dangerous. At least that’s the impression I get from all the mainstream and not Mac specific sources publishing new materials on Mac malware and prevention, even tackling mail security, it seems.
    But even they acknowledge it’s more overthinking than any actual immediate threat. It’s worth being sure and safe, but I still believe Mac is the safest platform when it comes to viruses, malware and all that stuff.

  • I may try Sophos or Avast for a manual scan (I just used Drive Genius 5’s new malware scanner and it flagged some old emails with Windows viruses, but nothing else). But I still won’t run one full-time. I see Avast has a scheduler; maybe I’ll try that for a while.

    Note that I still don’t believe I NEED this stuff… But I’ll check it out because I know lots of folks who do need it and should run something.

  • Yesterday on NPR Radio I caught the end of a story about how the Russian intel agencies inspect source code of software. If you don’t submit your code then you get stonewalled trying to get import documents for your products.

    From what I understand, the recent ransomware attack started with some Ukrainian tax software.

  • Absolutely, McAfee is utterly untrustworthy. They are on the level of Symantec. Their packages are themselves malware. I don’t trust anything either of them say because it is in their interest to make the situation look far worse in order to increase sales.

    And I do agree, the risk is lower with a Mac, but it is growing. The bad guys, and I include various government sponsored bad guys, are trying very hard to break in. They want in both to steal stuff and to use the system as a bot. In the end it matters little if the infection comes in via a bad site, a bad link in an e-mail, or a worm. Whether it is North Korea, a Byelorussian mobster, or some punk down the block. It makes no difference if it targets you or you get caught up in an attack aimed at Israel or Ukraine. There is a risk. It is not inconsequential. It is not getting less over time. And the consequences of an infection can be massive. Wasn’t there a story in the last couple of months about a bunch of hacking tools, Win and Mac belonging to US security agencies getting stolen and dumped on the web? Sure most of them were old vulnerabilities, but you can be sure they’re working on more modern exploits. And those will get stolen and sold as well.

    FWIW the two packages I mentioned are free. So it can cost you literally nothing for a bit of added protection. Protection that runs in the background, and just monitors. Without slowing your system. Without being in your face. You have smoke detectors in your house even though the risk is low. The vast majority of automotive air bags never get deployed. As the old saying goes, the time to get insurance is before you need it.

  • I think I commented on this report when it was discussed before. IT’S FUD!

    There is no factual or statistical basis for McAfee’s assertions. It looks like they just threw some numbers against the wall to see what sticks. And so on…

    I’m really tired of the FUD. While I don’t think the Mac is perfect and there are vectors, specifically with Safari like with any other browser because the browser model is broken, the risk to Mac users is lower than for their Windows counterparts. But if it makes you feel better to feed McAfee and their compatriots your hard-earned cash rather than being careful, then go right ahead. Who am I to stop you from buying snake oil!

  • Wait… So if the malware blocker reminds you it’s there doing its job that’s bad, but if it does its job in the background without interrupting you that’s worse?

    I’ve used both Sophos and Avast. They haven’t caused any performance hit that I noticed. When I wanted to scan something it was easy. Occasionally they’d either warn me, or I’d check and find something in it had moved to quarantine and I would delete it. When I check the reports I find enough things they catch to make it worthwhile to me.

    I keep in mind several things:
    1) I regularly get messages using the spoofed address of someone I know, or is trying to appear to be from a company I work with. You can’t assume that because the message came from your wife that it’s safe.
    2) Malware can infect regular sites, including TMO or 9to5Mac through contaminated ads that get pushed out. You don’t have to hit tottally to catch something.
    3) Even legitimate software from legitimate sources has occasionally come out with Malware hiding in it.

    As far as I’m concerned AntiMalware packages are like condoms. If you’re at the point where you wish you had one, it’s too late. Better to have one just in case.
