The Complacency of Myth: Why Mac owners must be vigilant
Just about everyone who owns a Windows-based computer understands they must have a firewall and malware protection installed on their machines. The more savvy users know they must run multiple applications since each of the malware detection applications have known weaknesses.
An unprotected Windows computer with an Internet connection will be infected with some sort of malware essentially immediately. With 0 seconds to compromise, there is no choice for Windows users but to have defenses in place. They know that.
The last time I had to install a Windows OS, there were 200 security updates required AFTER I completed the install. And, of course, there are cases were Windows computers are delivered to users with malware pre-installed. (Link to previous post about the Lenovo laptop malware.)
For years, Mac users have believed themselves exempt from malware. You’d hear Mac owners say this with a certain hubris. The reason isn’t that a Mac is inherently more secure. They’re not. It’s just that when 90% of computers have a Windows OS, why would a Black Hat programmer or script kiddie waste time writing or deploying malware for anything else?
Those days are gone and any Mac owner who is not taking precautions is assuming a no longer insignificant risk. Here’s a screen-cap from a search for “OSX Yosemite Malware.”
But Wait, There’s More!
Not convinced you should worry?
This article should be sobering: “According to the 2014 [Kapersky] report, the average Mac user faced nine threats in the past year.” And this: “The study tracked nearly 1500 new malware programs targeting OS X over the past year, 200 more than in the previous year.”
If you are an average Mac user who has no malware detection application running, are you confident that none of those 9 attacks succeeded against your machine?
Here’s a Mac Forums link from 2014 where a user asks for help with removing malware from his new MacBook Pro.
This article should give you pause: “What Elite Hackers Do When Encountering an iMac”
These elite hackers wanted nothing to do with an iMac because they consider the iMac to be inherently insecure: “In one case, what the person did was turn the iMac to face the wall, unplug it, and for good measure, toss a towel over it to ensure complete privacy.” Here’s another link to the story.
In 2012: Mac malware installed a backdoor.
Got your eye on one of those spiffy new MacBooks? Well, there’s a security flaw with the new USB-C used by the MacBook and there’s no solution yet: “The additional openness and flexibility of USB Type-C comes with more attack surface,” says Karsten Nohl, one of the researchers who first discovered BadUSB.”
There’s a bigger problem outlined here.
“Here’s the deal. Terrorist leaders use iPhones. They are a status symbol, and status symbols are important to leaders. Moreover, since Apple’s security is actually pretty good, terrorists use the phones for good reason (most Android devices suck at security, even the Blackphone). Getting software onto terrorist’s phones, or basebands, is an important goal of intelligence.”
Followed by this:
“Instead, their [the CIA’s] goal is to target the hundred users of a hawala money transfer app used almost exclusively by legitimate targets. The idea is a black bag operation to break into the teenager’s apartment who wrote the app in order to backdoor his/her XCode, so that all users can be identified.”
If government agencies are doing this sort of thing, why would you think Black Hats didn’t get there first?
Another recent article from November 2014, “WireLurker: A New Era in OS X and iOS Malware” should worry you, too. “WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms.” One of the vectors? USB. Your phone can infect your iMac.
Be Safe(r) Out There
Don’t be complacent.
Sophos has a series of free tools that will help protect your Mac or iThing. (Android, too.)
Here’s the Apple page on Yosemite security settings and options:
- https://www.apple.com/osx/what-is/security/
Secure your Mac /iThings to the fullest extent possible.
I switched to a Mac in January after years upon years with Windows, and when I asked about protection at the Apple store, I was told not to worry about it. I’d much rather be safe than sorry. Thank you for this.
First, welcome to the collective. And second, with free tools out there there is no reason not to take precautions.
Thanks for this post. I am also a relatively new Mac owner (just switched last year) and thought Macs were safe from malware. Argh. Going to go check out those links.
How does AVG compare with Sopho’s free antivirus software? We have AVG Free for our PC desktop and laptop, so it is a familiar name.
Switched to a Mac last year too and was told that it didn’t need anything more. Will be looking into these addtional security measures. Thanks.
The Sophos web site seems to not work for me. I click on free trial and nothing happens. What up?
@Susan Proctor:
Susan: The Sophos link should take you directly to the page of Sopho’s free tools (not free trial) You may need to scroll down to find the product you like to download. The Sophos Anti-virus is the main one you’d want. There’s a blue “download” button, click that and the dmg should download. Then follow the normal Mac process.
If you don’t see anything like what I’ve described then you’d need to check your browser settings.
If you ended up at the Sophos home page, then click on “Products” then, over to the right, you’ll see a small top menu with the words “Free Tools” click that, and you’ll be at the correct page.
Thanks for writing this blog post. With the popularity of Macs, it’s crazy that retailers are still telling customers that they don’t need to bother with security. I’ve had Macs for the past four years and use Sophos tools. They’re free and effective.