Apple’s marketing people might have put themselves on a shaky footing when they downplayed the susceptibility of OS X to malware in those Mac versus PC ads. While pointing to over 120,000 viruses on the Windows platform, the ads used the phrase (to quote approximately), “but not on Macs.” But that statement was strategically weasel-worded. It didn’t necessarily mean there were no malware problems on a Mac, only that there were far fewer.
Over the years you heard about proofs of concept, meaning that antivirus software companies were able to build or recreate them in a laboratory, but it’s not as if such infections actually occurred in the wild. Even though antivirus apps were regularly updated to protect you from theoretical infections, the malware outbreaks rarely impacted Mac users in the real world. But that doesn’t mean Mac users were necessarily safe. Remember that there were occasional malware eruptions in the days of the “Classic” Mac OS. Sure, OS X’s Unix core might be more resilient to malware in theory, but some of the earliest computer viruses were created years ago on the Unix platform.
One reason for the relative lack of Mac viruses was the theory of “security through obscurity,” meaning that since the Mac user base wasn’t terribly high to begin with, the virus writers who were responsible for malware preferred to pay attention to the Windows platform, where it was always possible to find hundreds of millions of potential victims. At the same time, it’s not as if Microsoft didn’t do things to shore up the platform, although it happened rather late in the game. Security experts say that virus writers now have a harder time finding susceptible Windows PCs. The victims are usually consumers who have let their subscriptions to antivirus software expire. If the apps aren’t regularly updated, they won’t detect the latest malware threats.
But most Mac users don’t use antivirus software. That creates a significant potential market for virus writers to spread their misery. It hadn’t amounted to much until 2011, with the arrival of the MAC Defender Trojan Horse. That was a brilliant effort at social engineering, because many thousands of Mac users were lulled into believing that their computers, having received an online scan at one of the criminal Web sites, were infected by a computer virus. They were asked to pay for a faux malware protection app to rid themselves of the virus. MAC Defender acted like a typical Mac app too, asking you to enter your password to install the malicious software, and going through the standard setup process.
More recently, the infamous Flashback infection appeared. It was first presented as a Trojan Horse, masquerading as a Flash player, but the virus writers responsible for that outbreak moved the delivery mechanism into sites that, when accessed in your browser, would launch a Java applet and do their stuff, amounting to what is referred to as a “drive-by” infection. Some 600,000 Macs were allegedly infected, which represents roughly one percent of the number of recent Macs in use around the world.
Upon infecting a Mac, Flashback was able to harvest personal information and Web logs, and I would assume that would include usernames and passwords. So if your Mac was invaded by Flashback, maybe it’s a good idea to change all the passwords you use for online transactions. Or perhaps look to one of those Mac apps that can manage your passwords with a single secured entry point, using a master password.
Now Mac antivirus companies have regularly updated their products to protect you against the newly discovered infections. They often defended against Windows viruses too, the theory being that a Mac user may inadvertently infect a Windows user via email. As for Apple, they rarely said much publicly about malware. The possible need for antivirus software can be found in various support documents, of course. Beginning with Snow Leopard, Apple included software that provided a limited degree of malware protection, with detection strings updated behind the scenes, so long as you had an active Internet connection, of course. But the updates were infrequent until MAC Defender came along.
After the onset of Flashback, Apple released three Java security updates, first to detect Flashback’s presence and, with the final Java release, to remove it automatically. The third Java update also turns off the ability to run Java applets, which can be enabled again in the Java Preferences app in the Utilities folder. While Java is often needed for online meeting services and interactive chat rooms, most Mac users won’t have to worry about it. There’s also a separate removal tool for those who were infected by the Trojan Horse version of Flashback.
Now even though Flashback represents but one of a very few severe Mac OS X malware outbreaks (such things have been common on the Windows platform for years), that hasn’t stopped the fear mongering. One online commentator, writing about IT people who deploy Macs on their networks, insists that, “Being able to handle Mac security effectively requires a real depth of knowledge and understanding about Mac OS X.” No, it basically requires installing antivirus software on those Macs, making sure the autoupdate features are activated, the subscriptions are current, and that their Mac users are required to follow the same safe computing practices they use on Windows PCs.
To add to the potential misery, there is a report of yet another malware attack, a Trojan Horse called “SabPub” that exploits a Java vulnerability and can spread through Microsoft Word documents. The information I’ve read about this Trojan Horse doesn’t say anything about whether Apple’s recent Java fixes have closed that vulnerability. However, there’s nothing to indicate that the threat is serious — at least not yet.
Until recently, the Night Owl suggested that installing antivirus software wasn’t essential. The recent evidence has forced me, reluctantly, to change that point of view. You can find free or low-cost antivirus software in the Mac App Store, or go directly to the sites run by the major antivirus companies to find something suitable. Unlike the Mac OS of old, today’s security apps shouldn’t impair the performance of your Mac, even if you install software that does background scanning.
While it’s encouraging that Apple has started to step up to the plate to protect Mac users from malware, I do not think they plan to replace third-party antivirus software, but merely provide basic protection. Surprisingly, that’s what Microsoft has already done under Windows.