Do Mac users need to start running extra security software to protect themselves from malicious software, malware? The good news is that Macs will be unaffected by the Conficker worm you may have read about, which may be infecting Windows computers as you read this. However, Mac users can hardly afford to be complacent.
What Is Malware?
“Malware” is the general term for viruses, spyware, worms, and other digital nasties which Windows users are perpetually defending themselves against. It is, broadly speaking, the software you didn’t intend to be placed on your computer. As with human diseases, symptoms may or may not be visible. But malware can steal your personal information, provide a conduit for spam distribution, attack websites in concert with other hijacked computers, or simply wreak havoc on your computer while distributing itself to others. Do not want.
How does malware get on to your computer? It can arrive transparently via specially constructed websites that exploit security flaws — aka bugs — in browsers. It can be inadvertently agreed to by you when you don’t read the fine print before clicking “Agree” when you install the software. It is often the result of a rogue email attachment or a deceptive link to a website that you click.
This is why Windows users must run security software products intended to protect their computers from these intruders. These require yearly subscriptions to stay up to date with the latest threats. (And don’t even get me started on the fraudulent “security” packages, which are themselves malicious software.) the problem is that the medicine is sometimes as worse than the disease; most security packages make themselves all too visible, flashing incomprehensible warnings regularly, slowing down your computer while they scan everything in sight, and generally keeping you in a constant state of alarm, which, of course, is intended to get you to resubscribe and upgrade.
Malware and the Mac
But what does this have to do with the Mac? Well, once upon a time, before Mac OS X, when dogcows roamed the earth, there was, in fact, malware that targeted Macs, and many users did indeed use anti-virus software (which, it’s worth noting, was annoying and intrusive even then). But for most of this decade, Mac users have had the luxury of living in a state of blissful obliviousness to the unpleasantries of malicious software and the crud needed to avoid it. The fact is that in the nine years of Mac OS X’s existence, there has not been any major outbreak that has hurt Mac users. This was one of the #1 reasons to buy a Mac, even if you consider all other things being equal.
Lately, however, there’s been a lot of reporting that Macs are vulnerable and will be targeted by rogue software if they haven’t been already. This year, pirated copies of Apple’s iWork ’09 infected several Macs, permitting them to be secretly controlled, under the hood, by unseen others across the internet. (This is an extreme example of getting what you pay for.) It’s not a real virus in that it doesn’t spread or exploit a flaw in the system; it would never happen to you if you didn’t, ahem, install the software you didn’t pay for. All the same, it means there are compromised Macs out there. Is it the tip of the iceberg?
Yes, it is, except that the iceberg will be more of a large popsicle. In other words, we really don’t see the Mac universe teeming anytime soon with the level of byte disease that the Windowsphere unfortunately does. But that doesn’t mean that Mac users can afford to be sanguine about their seemingly secure computers. Maybe Macs will never have the same quantity of evil software, but all it takes is one well-crafted piece of nasty code to cause many users a lot of pain.
We’ve Changed Our Tune.
Why have we changed our tune about this? Well, we believe Macs have remained off the bad guys’ radar screen all this time for two reasons. The first is the comparatively tiny market share. If the point of your software is to spread itself, why target 5% when you can target 90%?
But the second reason is that to write any software for a Mac, good or bad, you need to, well, buy a Mac. That means dropping real money to be able to write some nasty software for it. You couldn’t just download a free copy of the operating system on the internet and install it on your PC…except that that’s no longer true. You can, in fact, find modified copies of Mac OS X which will install on ordinary PC’s. This means that as Apple’s brand visibility and market share growth, it is now easier for malware creators to target their products in corners near and far.
Quite honestly, we still have a hard time telling Mac users that they absolutely have to have anti-malware software installed. The truth is that right now; there is no genuine malware threat to mainstream Mac users. We’re still in Eden. You can still open your email without fear. But in our gut, we feel the coming of age of Mac OS X into the mature operating system that it now is, comes with a loss of innocence. Yes, a Mac user can do without extra security software. But I can’t say with confidence that will be true in a year.
We hope we haven’t alarmed you — that isn’t our intent (to the contrary, we hate the way the manufacturers of security products stoke the coals of users’ technological fears). But we feel we wouldn’t be doing our job if we didn’t let you know what was out there. We feel sure Mac users will never have anything approaching the depth and variety of Windows users’ malware problems. But at the same time, it’s unlikely that Mac users will be able to live without anti-malware software indefinitely.
If you have a Mac and think you want to start running security software, there are a few titles to choose from, and we don’t endorse any one of them (at least not yet). With that said, Intego VirusBarrier is the leader in the space; it’s been around for quite a while, is reasonably well received, and the company is exclusively focused on Macs. Some of the big guns from the PC world — Norton, McAfee, and Sophos — have also re-entered the Mac fray after dropping out for a bit. Finally, ClamXav is free and performs basic scanning with quarantining apparently infected files, though no actual file repair or virus removal.
A final word of warning to users who run Parallels Desktop or VMWare Fusion to run PC software on their Macs: you’re just as vulnerable as you would be on a real PC, and even your Mac files are vulnerable if you make use of shared folders to access the “Mac side” from within the PC. It will help if you run anti-virus software on your virtual machine. A decent free one is at http://free.avg.com.