Is your Mac acting kind of…weird? Whether you’re seeing adverts you can’t explain, or your system is unreasonably slow, you might think the problem is malware. And you might be right (but probably aren’t).
Back in 2009 my co-worker Jackson asked whether Macs need virus scanners. The common consensus at the time was “no”, but Macs have grown in popularity since then – and not surprisingly, so has Mac malware.
This doesn’t mean you should panic: widespread Mac infections are still rare. Odds are your Mac is clean, even if it seems otherwise.
What Is Mac Malware Like?
Having said that, infections do happen; here are some examples from the past few months:
- Wirelurker was distributed via pirated Mac software. It attempted to infect any iPhone or iPad plugged into infected Macs, spreading from one platform to the other and collecting your devices’ unique IDs in the process. No one is sure what the goal of this malware is, but one researcher thinks it’s trying to identify Chinese software pirates.
- iWorm infected users who downloaded pirated software from The Pirate Bay. Infected Macs become part of a global botnet.
- CoinThief infected users by pretending to be legitimate software, and stole any BitCoins stored on the infected Mac. Ouch.
Learning From These Examples
All of these infections have one thing in common: they infect Macs through software installed outside of the Mac App Store. In some cases pirated software is to blame; in others it’s software from sources that shouldn’t have been trusted.
Put simply: if you never install software from outside the Mac App Store, you don’t have anything to worry about. Sure, there are some browser-related exploits from time to time, and Java is an ongoing concern, but if your OS X and browsers are up-to-date such infections are pretty unlikely.
And if you do install software from outside the Mac App Store, but are careful to research software before installing it (Googling for a review, and finding an official download), you also don’t have anything to worry about.
On the other hand: if you’ve pirated Mac software, or installed plugins at the request of a site offering pirated movies, you might have problems. Let’s go over a few signs that your Mac might be infected, just to make sure.
Sign 1: Unexpected Ads and Pop-Ups
Adware is becoming an ever-bigger problem on the Mac platform. If you’re seeing ads in places they previously didn’t show up, there’s a good chance you’ve installed something you shouldn’t. This is particularly true if you get pop-up ads even when you’re not browsing the Internet.
Sign 2: Your Mac Is Slow For No Reason
As I said before: some Mac malware makes your Mac part of a botnet, which is a global network of computers used for all sorts of things. If your Mac is infected, it could be helping to DDoS a website, mine BitCoins or any number of things that take up CPU power.
If your Mac is constantly slow, even if you don’t have any programs open, this is a possibility.
Odds are malware isn’t your problem, though. You’re probably better off reading about how to speed up your Mac, but malware is worth looking into if none of those tips work.
3. A Malware Scanner Confirms Infection
Think your Mac might be infected? Make sure. Here are a few free programs you can use to scan your Mac and find out about any infections:
- BitDefender Virus Scanner for Mac is a free tool. It won’t delete infections for you, but it will point out where to delete them using the Finder. Note that the latest release has some issues, according to user reviews.
- AdwareMedic scans for and deletes a number of common Adware infections on your Mac. It’s a quick scan, so try it if you’re seeing way too many ads. Donations are requested, be sure to contribute if the program helps you.
- ClamXAV is the Mac version of ClamAV, a popular open source malware detection tool. It’s well worth a look.
If none of these tools come up with anything, it’s extremely unlikely that your Mac is infected. There are other such apps out there – if you know of something better, please let us know in the comments.
What Security Does My Mac Come With?
Your Mac has defenses in place that should keep you safe from malware, though like all such measures it’s not completely foolproof. Here are a few reasons why you don’t need to worry (much):
- Gatekeeper, which helps protect your Mac, stops uninformed users from installing potentially unsafe software. By default this means anything not from the Mac App Store, but you can also configure it to block apps from unknown developers. Of course, many Mac users disable Gatekeeper completely so they can run whatever software they like, including things they’ve compiled themselves. The hope is that well-informed users will research the apps they run before installing it.
- Sandboxing. Apps installed through the Mac App Store have very limited access to the broader system, a limitation intended to stop one app from messing up your entire system.
- XProtect, officially called File Quarentine, is the anti-malware program you didn’t know you had. Part of OS X since 2009, this program isn’t like Windows anti-viruses – it’s completely invisible to most users. You can’t open the program and run a scan yourself, and you can’t manually install updates. But if you’re infected with a known virus, odds are this program will eventually notify you. It also stops you from opening infected files.
- Obscurity is another frequently argued advantage of the Mac. Macs have a growing market share now, but for a long time there were so few active computers running OS X out there that malware creators didn’t bother to target them. This is called “security through obscurity” – and more than a few security experts will tell you it’s a load of crap – but for a long time it comforted Mac users. Of course today, with a growing Mac user-base, this applies less than before – but Windows remains the primary target for malware makers.
- We’ve also explained System Integrity Protection (SIP) in newer macOS versions.
You’re Probably Not Infected, But Stay Informed
If you want to stay informed about Mac malware, I recommend TheSafeMac.com. This blog, by Thomas Reed, offers up-to-date information about the latest Mac malware. I couldn’t have written this post without that site, so consider subscribing if you want to stay informed.
Have you ever had an infected Mac?