Are you interested in seeing a non-alarmist, data-driven, and realistic assessment of the existing malware threat environment for the Mac platform? If so, you’ll want to watch this hour long presentation from Thomas Reed of Malwarebytes. Recorded at the 2018 MacAdmins conference at Penn State University, Mr Reed uses hard data found from the Malwarebytes scanner and removal tools to offer a “data driven look” at existing threats to the Mac.
You’ll find a lengthy discussion on the most common malware found to be impacting Macs, including malware of all forms, spyware, cryptocurrency miners, keyloggers, ransomware, scamware, junkware, sketchy payloads that attempt to change DNS servers and start trying to download junk to computers, fake Adobe Flash installers, fake software installers and fake updates, fake anti-virus software, fake anti-adware apps, fake scanning apps, nagware and potential malware, junky “cleaner” apps, junky “antivirus” apps, dubious ‘backup’ apps, controversial apps, sketchy launch daemons and launch agents, government malware (!), even authentic apps bundled inside dubious installer packages or outright malware installers, and other malware and garbage that is sometimes erroneously referred to as a virus or trojan horse (both of which are actually fairly rare on modern Mac OS).
Keep in mind this is a technical talk presented to Mac systems administrators, but it’s undoubtedly going to be interesting for other Mac users who are curious about the subject matter discussed.
The full hour long video, titled “A Data Driven Look at the Mac Threat Landscape”, is embedded below for easy viewing:
Now I know what you’re thinking after reading this, or after watching the presentation; “what can I do to protect myself?”
The good news is that Macs are pretty secure by default, and by following some common sense tips you can avoid most malware and other threats on the Mac platform. Often simply avoiding installing any apps from any untrusted sources and keeping a skeptical eye on any third party apps, avoiding dubious web pages and the shadier parts of the web (and never installing anything offered from there), dismissing any pop-ups from webpages ‘warning’ you of some impending disaster (which are almost always scams trying to install some junk onto your Mac), using SIP (which is enabled by default, don’t turn off SIP), keeping strict Gatekeeper rules (which is the default in macOS, most people should not change the Gatekeeper settings), allowing XProtect to stay up to date (this is done automatically behind the scenes by being online), or even just avoiding installing unneeded apps and controversial apps (MacKeeper is an example of a controversial app, you can learn how to remove MacKeeper if desired), and, if you feel like it, there are some tools and resources available to help as well.
One popular security tool is the Malwarebytes app for Mac (which is also the company that presenter Thomas Reed works for, but don’t worry the presentation is not some giant commercial for a product).
Malwarebytes offers a free and paid version, but you can use the free version for scanning and cleaning of detected infections. The paid version offers additional features that may be desirable for some users, but it’s not necessary to get the premium version if you simply want to scan and remove any found malware on a Mac.
Another excellent resource for more advanced Mac security tools is Objective-See, which is run by a brilliant security researcher named Patrick Wardle. Mr Wardle offers many free tools to boost the security of Macs, some of which we have covered here before (like using Oversight to detect camera and microphone access on a Mac). You can browse through the Objective-See collection of security tools here:
Speaking of Mr Wardle, if this general topic interests you and want to get even deeper into the technical weeds, an excellent presentation from Patrick Wardle is available here, offering an advanced guide to understanding Mac malware.
And of course we have a large library of security related articles to browse through here covering many Apple products, covering a wide range of tips and tricks on what is a very broad but increasingly important topic of information security.
Anyway, don’t freak out about Mac security. The above presentation offers a great detailed look at what the real risks are, and remember that following some simple precautions is usually enough to ward off the majority of threats, malware, trojans, and other potentially problematic junk that could impact your Macintosh experience.