Most Mac users don't worry about security too much. Since the majority of malware targets Windows and macOS does a good job of keeping you safe out of the box, it's easy to get complacent.

However, there are Mac security threats in the wild, and many of them come from user behaviors. Here are some dangerous practices than can infect your Mac with malicious software.

1. Download Dangerous or Pirated Software

Mac Gatekeeper Warning

The easiest way to mess up your system is to install sketchy Mac apps from random corners of the web.

In many cases, distributors of pirated software are only interested in making paid tools available for free. However, you can never fully trust cracked software, as there's no telling what someone could have added into the package along the way. Indeed, many historical examples of macOS malware have arrived in pirated software downloads.

The safest places to install Mac apps are the Mac App Store and directly from trusted developers. By default, macOS's Gatekeeper feature will only let you run apps from authorized developers, and displays a warning if you try to run an untrusted app.

Often, a legitimate developer might not have the money to register with Apple. You can step around this warning when that happens, but it's important to make sure you trust the app when you do this.

2. Neglect App and macOS Updates

Mac-Up to Date

Everyone gets tired of seeing prompts to update their Mac or its software. But leaving your system unpatched makes you much more susceptible to attack.

Often, macOS system updates fix known vulnerabilities to keep you safe. If you continue to run an outdated version for months, you could fall victim to an attack that Apple has long since patched. Keeping yourself on the latest OS version means you're one step ahead of malicious actors.

This is also the case for apps on your computer, especially your browser. There have been historical cases where popular Mac apps became infected with malware, such as the BitTorrent client Transmission in 2016. People who had the app on their system but never bothered to update it were open to attack for some time.

Thankfully, macOS makes it easy to update your apps and system. On macOS Mojave and newer, open the App Store and check the Updates tab to download new versions of App Store apps. You'll find macOS software updates under System Preferences > Software Update.

For apps downloaded from other sources, you'll need to open them and check for updates manually. You'll usually find a Check for updates under the Help or app menu. At other times, you'll find it in the app menu on the About [app] page.

3. Run Flash Player and Java

Once upon a time, browser plugins like Flash Player and Java were essential parts of the web, as they enabled you to enjoy multimedia content on all sorts of sites. However, with today's web, these runtimes have fallen out of favor and barely anyone needs to use them.

Very few websites require Java or Flash now. Adobe plans to retire Flash at the end of 2020, and nearly all browsers have blocked Java for years. So you likely haven't opened yourself up to attack in this way, but it's still wise to check if you're using these plugins and remove them if so.

To check, open System Preferences under the Apple menu. If you see an entry for Flash Player or Java, you have it installed.

Uninstalling Flash Player on Mac

Get rid of Flash Player by visiting Adobe's Mac Flash Player uninstall page. Under the Download the Adobe Flash Player uninstaller header, click the download text next to Mac OS X, version 10.6 and later. Run the tool and it will remove Flash Player.

To complete uninstallation, you should also remove the following files from your user directory: 

        [USER]/Library/Preferences/Macromedia/Flash\ Player
    
        [USER]/Library/Caches/Adobe/Flash\ Player

How to Remove Java From Your Mac

Removing Java from macOS is a bit more complicated than installing it. First, press Cmd + Space to launch Spotlight search and open Terminal. Once the Terminal window is open, paste each of the below commands one at a time and press Enter to run them: 

        sudo rm -fr /Library/internet\ Plug-Ins/JavaAppletPlugin.plugin
    
        sudo rm -fr /Library/PreferencePanes/JavaControlPanel.prefPane
    
        sudo rm -fr ~/Library/Application\ Support/Oracle/Java

We've looked further at why Java isn't as big of a security risk nowadays if you're interested.

4. Disable Your Mac's Built-in Protections

SIP Protection in Terminal

As we mentioned earlier, macOS has several built-in layers of protection. One of these, System Integrity Protection (SIP), was introduced with OS X El Capitan. Essentially, SIP prevents users and programs from making changes to core parts of the OS.

The addition of SIP stopped a lot of Mac deep system tweaks from working. As a result, you might look to disable SIP so you can use these old tools again. While it is possible to disable, doing so is a bad idea, as turning off SIP drastically reduces your security.

With no barrier to your protected OS files, malware could get in and wreak havoc. There are certain troubleshooting circumstances where you do need to turn off SIP for a short time, but you should always turn it back on right away to reduce risk to your system.

This is also the case for Gatekeeper, the feature that prevents unauthorized apps from running on your system. As mentioned, macOS allows you to allow apps only from the App Store, or from the App Store and identified developers. You can enable an Anywhere option using the Terminal, but this isn't a good idea.

It's smarter to run potentially untrusted apps on an as-needed basis so you don't accidentally let something slip through.

5. Ignore Basic Signs of Danger

Just because you use a Mac doesn't mean you should neglect to follow basic security practices. While it's not as easy to accidentally pick up something nasty on a Mac, you should still keep an eye out for common forms of online attack.

Don't click links or attachments in emails unless you're sure you trust them. And avoid clicking fake links or popups that prompt you to install updates.

You should also know how to find malware on your Mac. If you think you might have done something that opened up your Mac to attack, run an anti-malware scan with a tool like Malwarebytes for Mac.

It's also smart to be aware of widespread security vulnerabilities like Meltdown and Spectre, or the KRACK Wi-Fi exploit. While these don't solely affect macOS, they still open Mac users up to attack in other ways.

It's Up to You to Avoid macOS Malware

As we've seen, most Mac users will hopefully never run into a malware attack. The biggest threats to your system come from third-party software, so it's vital to vet what you allow on your computer. A bit of proactive thought will help keep your system safe in the long run.

Think your Mac is already infected? Find out how to check if your Mac has a virus.