28th August 2023
Unfortunately, they can!
Apple's marketing on their website used to claim “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to the built-in defenses in Mac OS X that keep you safe, without any work on your part”.
When Apple made this statement as part of their marketing campaign, it was true that the vast majority of malware/viruses could not infect Macs, but only because most of the malware in existence was compiled for Windows and could not run on Macs. Since then, the number of Macs being used worldwide has increased massively, and so has the amount of malware that is actively targeting Macs.
Thankfully, Apple has since removed this claim from their website, but the misinformation that Macs don’t need anti-virus seems to remain.
In May 2021, Apple’s software chief Craig Federighi, while testifying during the Apple vs. Epic trial, stated “Today we have a level of malware on the Mac that we don’t find acceptable.” Federighi also stated that over 300,000 Macs were affected by malware between May 2020 and May 2021, including Macs belonging to members of his own family.
While macOS does not provide the same level of malware protection as dedicated anti-malware apps (such as ClamXAV), macOS does have two security features, XProtect and Gatekeeper, that help form a first layer of defence against malware.
If you’ve ever seen a message like the one below when you’ve tried to open an app you’ve downloaded and installed from the internet, you’ve seen Gatekeeper in action. Gatekeeper enables you to either allow apps downloaded from the App Store and identified developers, or only allow apps downloaded from the App Store.
In theory, restricting the apps allowed on your computer to only apps downloaded from the App Store would significantly cut down on malware, but it wouldn't stop it completely. Over the years there have been many instances of malware slipping through the net and ending up on the Mac App Store. Irrespective of that, most people don’t choose this option, opting instead to "Allow apps from the App Store as well as identified developers" as the App Store simply limits the range of available apps too much. This option isn’t as secure as it seems, and can still allow potentially malicious software to be installed.
To counter this, Apple offers XProtect, its built-in malware detection tool. XProtect checks for malicious items when an app is first launched, when an app has been changed, or when the XProtect signatures are updated.
The shortcoming of XProtect is that its signatures are not updated as regularly as, for example, the malware database in ClamXAV. This means that XProtect does not have the most up-to-date information to detect malware on your computer. There is also no way to trigger an XProtect scan on demand. That, combined with the fact that it only checks apps, not your whole computer, makes it less effective than other anti-malware options.
The malware most commonly seen on Macs is adware. Adware is software that is installed on a Mac and displays constant pop-ups or advertisements for Potentially Unwanted Applications (which you can find more on in our upcoming “What is a PUA” blog post) or other items you may not actually want to purchase, or even see on your screen! While at first glance it may not seem malicious, it’s definitely something you do not want on your computer.
PUAs are a problem on Macs, partly because Apple’s built-in protections (Gatekeeper and XProtect) do not detect them to the same degree that they detect other forms of malware, and partly because they don’t directly harm a computer. Instead, they take advantage of a user by convincing them to purchase a subscription or an app that performs an unnecessary task, and may slow down their computer.
To best protect yourself and your Mac while online, the easiest thing to do is to ensure you’re using a trustworthy anti-malware/anti-virus program such as ClamXAV.
We also suggest keeping up to date on basic cybersecurity practices, such as those touched upon in our Cyber Security series of blog posts.