Macs were immune to the widespread WannaCry ransomware attack, the huge cyberattack last month that targeted older versions of Windows. Before Mac users become too comfortable or smug, you should know that although Macs are less frequently the target of cyberattacks than Windows PCs, they have been attacked in the past and will undoubtedly be targeted again.
Wait, there have been Mac attacks?
Why, yes there have. Earlier this year, the same Russian hackers believed to be behind the hack of the DNC during last year’s presidential election released the Xagent malware that went after Macs to steal iPhone backups. And last year, KeRanger, the first real-world ransomware to target Macs, made the rounds. Earlier attacks include Flashback in 2012 and an adware Trojan in 2013.
Why do they happen less often than PC attacks?
Two reasons, and both involve money. Hackers get more bang for their buck by targeting Windows machines for the simple fact that there are more of them. You fish where the fish are — Windows owns a much larger percentage of market share than MacOS. Secondly, hackers often buy malware-writing tools to create their attacks because it’s easier and cheaper than building malware from scratch, and there are more of these tools out there for Windows platforms. But as the above exhibits show, Macs are occasionally targeted.
OK, fine, what can I do to protect my Mac?
MacOS has two built-in tools to protect itself from viruses: Gatekeeper and XProtect. They work in the background to prevent you from installing malicious code on your Mac.
Gatekeeper blocks you from installing apps outside of the Mac App Store that haven’t been approved by Apple. Developers can get an ID from Apple to digitally sign their app. When you attempt to install an app without such an ID (or have been altered since obtaining the ID), Gatekeeper will block the app. You’ve probably seen this warning:
If so, that’s Gatekeeper doing its work. You can set Gatekeeper’s level of alertness in System Preferences > Security & Privacy to allow app download from only the App Store or from the App Store and Identified Developers.
XProtect is a malware-scanning tool that checks a downloaded app when you go to open it against a list of malicious apps. If it finds a match, you’ll see a warning like this:
In order for Gatekeeper and XProtect to stay ever vigilant, you need to keep these apps up to date. Apple updates them as part of MacOS updates. To check to see if an update is available, click the Apple button in the the top-left corner, click About This Mac and then click the Software Update button. Better yet, turn on automatic updates by going to System Preferences > App Store and check the box for Automatically check for updates and Install system data files and security updates.
Should I be using an antivirus app?
Even if you are staying up to date, there is the chance that you could come into contact with malware before it’s added to XProtect’s blacklist and gets infected. If you are concerned about that possibility, then perhaps you’d take comfort in a second set of eyes monitoring your Mac. There is no shortage of antivirus apps for MacOS, many of which are free.
What about emails with weird links or asking for personal information?
Even the best antivirus apps are powerless against a phishing scam where you provide information or click a link or open an attachment that can install a Trojan Horse on your machine. Be wary of emails from unknown senders with an offer too good to be true or asking for personal information such as login info or bank account numbers.