Apple Security - Are they really virus-free?
"Macs don't get viruses" is a line often heard and usually delivered with a nonchalant shrug by many Mac users since the '90s. Assessing if this is the reality, however, is a worthwhile exercise in the light of the recent statements from Malware Bytes, a producer of anti-malware software.
Immune to Viruses?
When IT pros talk about viruses, they mean something very specific. A virus is a piece of code that is designed to corrupt a computer’s system or an application, and replicate itself, kind of the way a biological virus does. This is different from applications that are designed to cause harm, which more often referred to as ‘Malware’. Often, the term ‘virus’ and 'malware' are used interchangeably but, it is worth understanding that they are two different things.
Some of the reasoning behind Mac's supposed immunity to these kinds of threats can be summarised like this -
- The vast majority of PCs in use are Windows devices. This means that the best way to quickly catch as many people as possible is to design your virus, or malware, for Windows. If a virus designed for Windows finds its way onto a Mac, it can’t do anything because it doesn’t understand the system it is in. This is also sometimes referred to as 'security through obscurity'.
- The macOS is secure by design and doesn't need any additional help. This is down to the UNIX language macOS is built on. UNIX is designed to keep settings and applications ‘sandboxed’, meaning that they have ‘walls’ built around them to stop malware spreading as well as requiring 'permissions' granted by the user inputting their password.
Apple leaned into this as part of their advertising campaign back in the 2000's -
While it is most certainly true that Windows has the majority of the market share when it comes to home and business PCs, Apple is catching up, and malware creators are getting smarter. It can also be argued that Macs are a softer target if its users believe they are invulnerable to any threats.
Free vs Paid for Virus Protection
If you do decide you would like some extra protection, then what are your options? As with most types of software these days, there are free versions and paid-for versions. Often the free version will offer basic protection with a paid-for add-on for extra protection. This is how AVG works. You can see the differences between the free and paid-for versions here:
Other free options may only protect under specific circumstances. For example, Malwarebytes only checks for threats when you run a scan. It won’t stop a threat as it comes in but, will pick it up when you run a scan. The major advantage of this approach is that it doesn’t affect performance. If you have protection running in the background at all times, it will pick up threats immediately but could be slowing down other tasks on your machine.
When considering whether to use free protection or paid protection it is also worth thinking about how often it may be updated to deal with new threats. Paid protection is almost always more likely to be updated more often. We've all heard the phrase ‘you get what you pay for’.
Be Secure Online
Some threats don’t discriminate based on what system you are running, as they rely on fooling you into trusting them with your personal information. The one most familiar to many of us would be emails pretending to be from banks, or other major companies people have accounts with (Apple, PayPal, etc). Ironically they pretend there has been a security threat and ask you to click a link and log in.
NEVER CLICK THE LINK!
Most often, the link takes you to a very convincing but fake website. The aim is to get your login details. This becomes a bigger issue if you use the same password for different services. Even if you think it is legitimate. ALWAYS go the website yourself, and log in. In fact, because of this type of scam, legitimate emails often do not include any links and guide you to find the website yourself.
Another way to keep yourself safe is to avoid using public WiFi. With most mobile phone plans including ever increasing data allowances, as well as the increased speeds of 4G (and soon 5G), there is a lot less need to use public WiFi now. The convenience of public WiFi, often without the need for a password or account, is also a contributing factor to the risk. If you can get on it without any security checks, so can anyone else. Many of these networks are vulnerable to what is known as 'Man-in-the-middle' attacks, which intercept the data between your device and the internet. You can read more on this on a previous article we wrote here.
Again, the weak link with Mac security is often the person sat at the keyboard. If you are not sure what you are downloading, don’t download it. If you are sent an email out of the blue asking you to log in to your account (any account), don’t click the link; find another way to the website. If you are unsure, ask someone you trust for a second opinion.