The Anti-virus Times

Monday, June 26, 2023

Myth: no anti-virus is needed on a Mac

“I have a Mac, so I don’t need an anti-virus” — is one of the most common phrases among macOS users.

Previously, it was believed that since macOS computers are much less common, macOS-targeting viruses aren't created because supposedly it’s unprofitable for cybercriminals. Apple itself has also given assurances that its computers are securely protected and cannot get viruses. For example, this was explicitly stated in their 2006 commercial “Get a Mac. Virus”. Apple still claims that its products are extremely resistant to malware infections. For example, in 2022, the company emphasized that the new blocking mode feature is a mechanism designed to protect Macs “from extremely rare and complex cyber attacks” for “very few people”, and “threats of this nature never threaten most users”.

However, this is a misconception that is actively supported by the company itself. In fact, viruses for Macs exist — and they have always existed.

The first viruses for Apple-manufactured computers

The first computer virus appeared in 1982 — and it was written specifically for Apple II computers. Fifteen-year-old Richard Screnta wrote the virus called Elk Cloner. The virus did not harm the system — it only showed the user a small poem every 50th reboot. ElkCloner is recorded in history as the first self-propagating program.

Soon really dangerous viruses emerged. In 1986, the nVIR virus crashed Apple computers, interfered with the launch of other applications and made squeaking sounds, while displaying the message “Don't panic!” The Sevendust virus (aka “666”) completely destroyed all records from the Mac hard drive, leaving a file called “666” in the Extensions folder.

When Apple computers started running macOS, viruses targeting it also appeared — in 2006, the first virus for macOS, OSX/Leap-A, was recorded; it deleted all files from the hard drive. And in 2012, there occurred one of the largest infections of computers running macOS — the Flashback Trojan, which allowed criminals to download malware to a computer. It infected the systems of more than 600,000 users, which at that time accounted for more than 1% of all Apple computers. The scale of the “epidemic” was discovered by Doctor Web virus laboratory specialists — they pointed the infection out to Apple so that their developers could close the vulnerability in the system. Even back then, experts noted that the total number of infections suggested that the number of Mac users had reached “critical mass” — and over time, virus writers were only going to be more interested in this platform.

Viruses for Macs: today

As of February 2023, macOS’s global market share was 16.26% — compared to 2012, it had more than doubled. It is worth noting that Macs are often chosen by developers and C-level executives, which makes this system more attractive to attackers. Targeted espionage and supply chains are the two most common targets for attacks on macOS. New malicious and unwanted software for macOS is constantly appearing.

In addition, the use of cross-platform attack mechanisms is the most significant trend in modern virus writing — for example, more and more cybercriminals are using development languages such as Go (a programming language created by Google). This allows them to attack computers no matter what OS the victim is using. Users and businesses using macOS are being targeted by attackers just as much as those using the more common Windows and Linux.

Viruses written specifically for new Apple M1 CPUs have become a separate security challenge for Macs. The code of such viruses, initially compatible with the M1 architecture, is not always detected by anti-viruses as being malicious, which makes macOS users especially vulnerable to attacks.

Is there protection on the Mac itself, and do I need an external anti-virus?

Macs do have a security system, which Apple describes as one that “supports best-practice protection from viruses and malware”. What are the layers of defence?

However, this feature of macOS — the inability to run executable code without the user's knowledge — has not only advantages, but also disadvantages. It’s easy to deceive people, and trojans exist precisely for this reason: they hide behind other programs and files, and users themselves activate unwanted or malicious software. And since utilities are often downloaded on Macs not only via the official App Store and from official sites of developers, but also from unidentified sources, including pirated directories, Macs are always in danger of getting infected.