There’s an age-old belief in the tech world that Macs don’t get malware. Well, we know that isn’t true – Mac security firm Intego uncovered several new threats specifically targeted at Macs in June 2019 alone, and notable instances of Mac malware have been uncovered in the past. But is it true that Macs are less vulnerable than Windows PCs?
Macs have a lot of built-in features that can be powerful tools in the fight against malware. But are they enough? These features come with every Mac by default, so is there really a need to install third-party antivirus software on your computer? We asked the experts.
Vulnerabilities in Apple’s systems
The belief that Macs are fairly resilient to malware isn’t just idle fanboy-ism. Windows PCs make up roughly 90% of the market, making them a much more attractive target to malware makers.
And Macs really do have some stellar built-in tools that protect you right off the bat. For example, when you download an app off the internet, your Mac checks it against a list of known malware apps using XProtect. It works invisibly in the background, meaning it needs no maintenance or activation and doesn’t slow down your Mac. Gatekeeper, meanwhile, will prevent the app from opening without your permission if it hasn’t been digitally signed as safe by Apple. And now, Apple has even started notarizing apps so that they can prove they are trustworthy.
But there are gaps in the armor that protects Mac users’ systems. Apple’s layer of security relies on adding quarantine tags to suspicious or outright malicious software, and this then prompts the warning dialogue you see when you try to open them.
Thomas Reed, Director of Mac & Mobile at security firm Malwarebytes, told me that the defenses aren’t as comprehensive as it seems. “Adding that flag is not a requirement, and not all software does [it],” he explained. “For example, torrent software often doesn’t, while at the same time being used heavily in piracy.”
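As an added example (not part of the original article), the shell functions below use the macOS `xattr` tool to report which files in a folder carry the `com.apple.quarantine` attribute, the quarantine tag discussed above, and which application set it. The function names and the `XATTR_BIN` override are assumptions of this example, as is reading the third `;`-separated field of the value as the tagging application.

```shell
#!/bin/sh
# Added example: report which files in a folder carry the quarantine flag.
# XATTR_BIN is a hypothetical override so the logic can be exercised off macOS.
XATTR_BIN="${XATTR_BIN:-xattr}"
QUARANTINE_ATTR="com.apple.quarantine"

# Print the raw flag value; non-zero exit status when the file has no flag.
quarantine_value() {
    "$XATTR_BIN" -p "$QUARANTINE_ATTR" "$1" 2>/dev/null
}

# Print the tagging application (third ';'-separated field of the value).
# The body runs in a subshell so its variables stay local.
quarantine_agent() (
    value=$(quarantine_value "$1") || exit 1
    printf '%s\n' "$value" | cut -d';' -f3
)

# audit_dir DIR
# One line per regular file: "TAGGED<TAB>agent<TAB>path" or "UNTAGGED<TAB>path".
# Exit status is 0 only when every regular file in DIR is tagged.
audit_dir() (
    untagged=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if agent=$(quarantine_agent "$f"); then
            printf 'TAGGED\t%s\t%s\n' "${agent:-unknown}" "$f"
        else
            printf 'UNTAGGED\t%s\n' "$f"
            untagged=$((untagged + 1))
        fi
    done
    [ "$untagged" -eq 0 ]
)

# Usage on a Mac: audit_dir "$HOME/Downloads"
```

A file reported as UNTAGGED is not necessarily malicious; it means the warning dialogue described above will not be prompted for it.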
“The nature of sandboxing on macOS actually restricts antivirus software.”
In addition, XProtect’s list of malicious file signatures is hardly all-encompassing. Reed explained that it only checks files against 94 rules, “a tiny fraction of the rules found in any more powerful antivirus engine.” Kirk McElhearn, co-host of Mac security firm Intego’s podcast and a writer on malware topics, concurs that XProtect only looks out for “a handful of strains of malware.”
“By default, for example, [an antivirus app] cannot get access to most of the files on the hard drive. Even if you grant access to the entire hard drive, many of those files cannot be removed by an App Store app. This means App Store antivirus is less likely to be able to detect all threats and is also less likely to be able to remove all threats.