TechTonic is a Boston based team of IT experts with a focus on Apple and Mac integration
(617) 301-6280

Mac malware is real

sad mac

Mac malware risk

Its time for our customers and macOS users to take the threat seriously. The risk is real and we have an answer.

by Scott Morabito

For as long as I’ve been working in IT and Apple, customers have always asked me whether they need to worry about viruses and malware on the Mac. Whenever I was asked that question I would recall the days of MacOS 9 when there existed a worm that traveled between floppy and ZIP drives infecting random files. Back then, antivirus products were barely available for Windows, and completley non-existent for Mac. My reply to customers all of these years has been relayed with a combiation of confidence and pride: “Macs are not a target”.

When the iPhone gained traction, I had concerns that the prevalence of the device would make it a target – and it was. The good news is that iOS is very secure due in large part to the required curation of apps that can be installed. Although the iPhone is a big target, the security and features sets keep them protected.

Macs, however, are another story. Unlike iOS which was developed from scratch by Apple in the 200o’s, macOS 10 was build from UNIX. The whole point of UNIX was for research and development purposes a.k.a “power users”. A creator of malware of viruses can be referred to as a nefarious power user. In other words, the ability to do powerful things is at the core of the OS.

Even though macOS (previosly known as OS X) has been a potential target, the have not been many exploits written and extremely low relative to Windows. Anectodatlly, almost ever Windows users I’ve known has had some sort of massive system corruption over the years due to malware. Working in the Apple IT industry, I honstley cannot recall once incident like this.

A few things have changed over the last year that have elevated my concern for macOS users. The PC market share for Macs is hovering between 12% and 14%, up from 4% 10 years ago.
[http://www.gartner.com/newsroom/id/3568420] [https://www.macrumors.com/2017/04/11/q1-2017-worldwide-mac-sales-up-amid-pc-decline/] I see the effect of this every day with organziations I work with. I have the opportunity to regularly work with Fortune 500 and Fortune 1000 companies and they are rolling out (and relying on) fleets of Macs in places you’d never imagine 10 years go. As number of Macs grow, they become a larger target.

Another change we’ve seen has been the increase in Malware written for macOS. One antivirus vendor McAfee reported a 744% jump in malware in last year. They admit most of this was Adware, but these are big numbers. [https://9to5mac.com/2017/04/06/macos-malware-mcafee-threat-report-april-2017/]

Last year we also saw the first real ransomeware delivered on a Mac via the Transmission app (used for bittorrent file sharing) and more recently a very popular video compression application Handbreak was infected with malware. It should be pointed out that these applications were not Apple AppStore apps, but these are applications that my customers use.
At this point it is safe to assume we don’t know where the next attack will come from. Now that the risk is real, its my job to communiate this risk to my customers and provide them solutions.
At TechTonic, we have developed a security strategy that includes an action plan for malware and antivirus. Its not 1999 anymore.

Scott Morabito is a technologist and founder of TechTonic.  He was trained as a computer scientist and resides in Concord MA.  

Comments are closed.

Latest Article: Hurricane and Tornado Hacking Protection 9/12/17

by Scott Morabito: Three of the biggest news stories in the last few weeks have been Hurricane Harvey, Hurricane Irma, and the Equifax data breach. The data breach at Equifax is somewhat unfathomable because of its scope and magnitude. Sure, there have been large hacks of data in the past such as Yahoo in 2016 and LinkedIn in 2012 - but who cares about email addresses? The Equifax breach contained identity information for 200 million Americans and this could systematically cause massive amounts of identity theft. From the outside, it would seem not that this is expected: surely Equifax had major security software, systems, and tools in place to prevent this from happening. This is certainly true. The problem with cyber attacks is the asymmetric nature of offense and defense. Protecting yourself from a data breach like the Equifax one is like building a house that can withstand an F5 Tornado. house2 As hurricane Harvey and hurricane Irma worked their way up the Gulf of Mexico, one thought that would go through people's mind was "Hurricane's have hit here before - we'll probably be OK". To some degree, there is some logic to this. Modern buildings can withstand hurricanes ok and can even be safe to be in during the store. Millions of people stayed in their houses during these storms and there was only a tiny percentage of life lost. There are some anomalies and bad luck associated with hurricanes, but for the most part they are survivable
Read the rest...

Other Posts

  • Hurricane and Tornado Hacking Protection
    Hurricane and Tornado Hacking Protection Equifax was hit with a Tornado, everyone else was in hurricane by Scott Morabito Three of the biggest news stories in the last few weeks have been Hurricane Harvey, Hurricane Irma, and the Equifax data breach. The data breach at Equifax is somewhat unfathomable […]...
    Read more
  • Adobe Flash and the musket
    The future of Flash and the security concerns on your Mac by Scott Morabito A number of conversations with customers has recently involved the topic of Adobe Flash.  Let’s address a couple of things quickly: Should we still be using Flash in web browsers?: Yes Should we be […]...
    Read more
  • Mac malware is real
    Mac malware risk Its time for our customers and macOS users to take the threat seriously. The risk is real and we have an answer. by Scott Morabito For as long as I’ve been working in IT and Apple, customers have always asked me whether they need to worry […]...
    Read more