The Myth Of Complete Mac Security

Apple has long touted security as a selling point for Mac OS X. It's true that there are far more viruses for Windows than Mac, but the notion that Mac users don't need to have any concerns about security is a myth that deserves to be well and truly busted.

It's widely acknowledged that the number of active, in-the-wild viruses, trojans and other nasties aimed specifically at Mac platforms is much lower than for Windows. In part, that's because the Unix roots of Mac OS X make it harder to devise that code. In greater part, it's because Mac simply isn't as popular a platform. Apple's large market share in smart phones and dominance in tablets hasn't yet made a serious dent in the popularity of Windows.

Windows security is much better than it once was — options like User Access Control cut off many obvious problems — but it still remains more vulnerable by virtue of sheer scale and a large pool of often ignorant users. But one platform being more targeted does not equate to its rival being completely safe.

Apple itself has acknowledged that security is an issue that needs addressing more. Its plans to incorporate Gatekeeper, an enhanced security platform, into the forthcoming Mountain Lion release underscore that point for anyone who didn't believe it when Apple added malware scanning technology to Snow Leopard. Gatekeeper's new contribution is allowing you to restrict app installation to apps from the approved Mac App Store. But as I commented at the time Gatekeeper was announced:

A common argument for buying a Mac is the idea that it’s “more secure” and “can’t get viruses”. The first is a vague and contestable statement; the second simply isn’t true. The two important points to recognise are that security is about much more than whether you get a classic computer “virus” — it encompasses anything that might compromise your personal data — and that a vital factor in keeping your system secure is human behaviour.

No matter what the merits of the underlying infrastructure, all that security protection can be eliminated by a user who is determined to install a given piece of software. Often that will be because of greed. One of the more active Mac vulnerabilities — one which actually led Apple to build the rudimentary XProtect scanner technology into the OS — got distribution by pretending to be a free installer for Apple's iWorks suite.

Gatekeeper's default option also isn't a perfect solution. Even assuming you're willing to restrict yourself in that way, it means you're relying solely on Apple to protect you, and that's unlikely to be a perfect solution. Obvious criminal code might get picked up, but security is also about protecting your personal data. Having allowed iOS apps to readily access personal contact data, Apple can hardly be said to have a perfect record.

And Gatekeeper doesn't do anything to address vulnerabilities that can be exploited using documents or web sites, or data downloaded via torrents or on USB sticks. Many of these vulnerabilities are fixed by Apple's regular system updates, but some users don't install these as regularly as they should, and some deliberately stick with older releases because they don't have suitable hardware or they don't like the changes in newer versions. Regardless, there's no guarantee that one day such a vulnerability won't be exploited before a patch becomes available.

To stay secure, Mac users need to follow the same fundamental steps as Windows users: ensure that their systems are regularly patched to eliminate newly-discovered vulnerabilities, exercise common sense when visiting unknown web sites and installing unfamiliar software, and adopt appropriate security technology such as firewalls, scanners and security suites. The risk of a malware infection might still be lower than on Windows, but it isn't non-existent, and a blasé attitude enhances that risk. Why wouldn't you take any reasonable steps to ensure your systems and personal data are secure?

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?

Republished from Lifehacker



    "... but the notion that Mac users don’t need to have any concerns about security is a myth that deserves to be well and truly busted"
    Who propagates this myth more than the media? Apple has never, ever said that OS X is bulletproof. What they usually say is, 'not affected by Windows viruses'. Moreover, Apple's historical use of the term 'just works' is commonly used by some to state that Apple thinks no Mac will ever crash, and every Mac is impenetrable.

    "In part, that’s because the Unix roots of Mac OS X make it harder to devise that code. In greater part, it’s because Mac simply isn’t as popular a platform. Apple’s large market share in smart phones and dominance in tablets hasn’t yet made a serious dent in the popularity of Windows."
    The first sentence is completely correct. You can't do much damage without escalating user privileges, so without a password there isn't much that can be done to OS X. But overall, Macs are outgrowing PCs in the United States, despite the truth that indeed there are more Windows PCs than Macs. As for the last assertion, well there's plenty of proof that the iPad is eating traditional PC market share, and yet iOS (thanks to its sandbox, but overall, the same BSD underpinnings that comprise OS X) is still the preferred security king in mobility.

    "Gatekeeper’s new contribution is allowing you to restrict app installation to apps from the approved Mac App Store"

    ...and any app not on the Mac App Store signed with a Developer Certificate, that Apple will give out for free, and not vet in any way either.

    "... got distribution by pretending to be a free installer for Apple’s iWorks (sic) suite ..."
    For copies of iWork that were downloaded via BitTorrent.

    "Many of these vulnerabilities are fixed by Apple’s regular system updates ..."
    Better clarification is needed on this one; XProtect.plist updates itself as required, not in point updates to OS X -- as you insinuated above. They have nothing to do with the manual point updates, that indeed, users need to explicitly approve.

    "Regardless, there’s no guarantee that one day such a vulnerability won’t be exploited before a patch becomes available."
    True, and even that old stalwart called 'anti-virus' wouldn't fix that.

    "To stay secure, Mac users need to follow the same fundamental steps as Windows users ..."
    Are you insinuating that the 'blasé' attitude that you mention afflicts OS X users means that they don't think before they open files, or download content?

      Don't know if you're delusional or what because

      "Apple has never, ever said that OS X is bulletproof. What they usually say is, ‘not affected by Windows viruses"

      Just watch their "I'm a Mac" ads, they propagate this misconception to its fullest. While they never add the very important disclaimer about "Windows Viruses", they leave the meaning well open to interpretation.

        Uh huh, but _I_ said: "Apple has never, ever said that OS X is bulletproof". I'm not talking about what they're _not_ saying (which you are).

      While you might be savvy enough to realise that this doesn't outright claim that Mac OS is impervious, it completely ignores the existence of Mac Viruses and allows the consumers' imagination to run wild, leading to the "Macs don't get viruses" myth, a myth that Apple has so far, never attempted to correct.

        Find me a single computer manufacturer that says "Sometimes our computers get viruses" in their marketing, or shut up.

          they don't need to, it is a given that you purchase antivirus with a new computer, and often it is already installed as bloatware. Apple simplifies things, making users not need to get extra applications, creating the misconception that they don't get viruses.

          Alan, don't waste your ions replying to Steve, he's just a troll trying to get noticed

      "But overall, Macs are outgrowing PCs in the United States"

      Maybe in your fantasy land, but not in the real world:

        Outgrowing means that MACS are 'growing' sales at a faster pace percentage wise than PC's which is true. PC's are still the number one choice for businesses and because of price are still the number one choice for homes, which is just about everybody. Forgetting about all the Windows 7 machines out there, there are still millions of Vista (gag) machines out there and many, many more Windows XP machines still out there.

        What's being said about MACs not getting viruses are old statements not said by Apple but rather insinuated by them some time back which at the time and only for a very short span was true. This was picked up by unscrupulous sales people and turned into "MACs do not get viruses which is why you should buy one." Unfortunately this has now been around for many many years. So Steve above is right in that Apple never said that, but almost ALL Apple stores were saying that and even in this past year we have a MAC specialty store in Vancouver that still tells people they do not need AV software. Not only are they doing a disservice to their clients, they are also losing easy add-on sales. Note that in the last quarter of 2010 there were more NEW viruses, trojans and malware aimed at MACs than there were aimed at PCs. On that note, in general based on percentages, new viruses for MACs are outgrowing new viruses for PCs. This is mostly due to the fact that (a) finally there is a somewhat large amount of MAC users to target, (b) there are now more businesses that have adopted MACs which make for targets worth attacking and (c) because of the above mentioned sayings there are still tons of un-protected MAC users (easy targets) out there. That's what prompted Angus to write this article in the first place!

    Uh oh. I can hear the indignant responses from iFans erupting very soon..

      Glad to see you've made a *great* contribution to the discussion.

        And you have?

          You bet I have.

            You clearly haven't, you're just making long and drawn out responses defending a corporation's underhanded marketing, or lack thereof.

    A report published last year suggested that more than 80% of malware targeted the stupidity of users to get round any security issues by getting the user to install it for them. There is only so much you can do to protect sheeple from themselves.

    The chief danger comes with the use of pirated software- people downloading torrents and such of popular programs they want free. Because they're using a Mac they're more complacent about security... And this is how quite a lot of users were bitten a while ago.
    It's also the only way I've ever had a virus infection on a Windows machine, even with a good antivirus solution I wasn't protected, but it was my own stupid fault (can't blame the OS or the antivirus), and I haven't done anything like that since.
    The best security is to have sensible, vigilant users who don't do stupid stuff. Apple doesn't tend to encourage vigilance, which is worrying, since it's a great platform for older computer users who tend to be a good target for attacks.

      The only sheeple I know that say the word sheeple, are sheeple.

    I haven't heard anyone use that line about macs not getting viruses since like '04...

      I still hear it pretty regularly. Maybe you just hang around more savvy users?

    I use it every day 'cause it's true ;)

    As this article states, there are more windows users than Mac users. Yet for some reason whenever an article says anything (good or bad) about apple products, someone invariably attacks Mac users as fanboys. What's up with that, WinFans? Get a life.

    MacDefender could install itself without asking for any user permissions just by a user going to the right website (problem with Safari). I wonder if we got it at work, one lady kept talking about macdefender wanting to install itself all the time, hope she missed the worst of it.

    Is it just me, or does everyone else see this article surrounded by Trend Micro ads?

    Just sayin...

      It's just you. AdBlock is a wonderful thing.

    been using a mac virtually 24hrs/day since 1985.. never had a macs 10 yrs old still running perfectly and quick. never seen a win box last more than 2 yrs. Word is some of the worst bloated software ever written. Win is a paranoid mess. Wake up you idiots

      lol, such a fanboi.
      Us people living in the real world know how much rubbish you're dribbling.

        Remember this image? This is why you shouldn't buy a mac.

        Wake up you iDiots!

    the best antivirus available in my opinion is common sense. I stopped using antivirus on my windows computers quite some time ago. in this time i have had no signs of infection, computer runs fine, no account passwords stolen, etc. etc...
    all these "virus" claims are just to scare people into spending money.

    The thing is, no Operating Systems can really get 'viruses' anymore. As in, something that gets in without your permission.

    They can get 'Trojans' though, which are due to the user. While even a smart user can get tricked by a Trojan once, it's still the users' responsibility. In my opinion, it's not OS security. If you found a USB stick on the road, and plugged it in, and got malware, would you blame the OS?
