January 5, 2017

Do you really need anti-virus for your Mac?

Spoiler alert: there is no hard and fast yes-or-no answer to this, but read on for my take. Hopefully it’ll make you better equipped to make a good decision for yourself.

No doubt: If you own and use a Windows computer, you need anti-virus, or rather, anti-malware. There are simply too many malware variants threatening the platform. You need some form of protection.

But what about Mac? Why are there thousands and thousands of malware variants for Windows and so few for Mac OS?

A Bit of History

The meteoric rise of the internet (necessary for the spread of malware) coincided with a rapid spread of Windows and the waning of the Mac (before its rise again) in the mid Nineties. This was also a time before Windows (and Mac) had any real notion of the kind of security architecture needed to keep such threats at bay.
This, coupled with Microsoft’s obsession with backwards compatibility, meant that the crop of malware authors that started out then would target the biggest group out there: Windows users, then keep on refining and refining their abilities year after year. It was the only game in town worth playing.

When Mac and Apple had their big comeback after the turn of the millennium, things looked different. Apple could build on the security-conscious foundation of UNIX and, learning from the past, build a completely new architecture for the new, always-connected reality that we were now living in. As Mac OS X was a new, fresh, non-backward-compatible version of the OS, there were no legacy considerations to take into account.

All this meant that Apple and Mac could build a relatively secure system from the start, and also gain little interest from malware authors, who were still busy taking what they had already learned about Windows and applying it to new Windows versions as they were published. Meanwhile, the Windows platform was still plagued by an inherently less secure architecture, again due to legacy compatibility considerations (exactly why that is lies beyond this discussion).

Today and tomorrow

Windows today has an architecture as eminently secure as that of Mac OS or any other system. However, it is still true that the malware authors know Windows best because of the above historical reasons. Besides, when the usage numbers are so much higher for Windows, why target Mac? As malware writers now are almost exclusively after big money, either through ransomware or through some shenanigans that get them paid for click-adverts, it simply makes more sense to just stick to Windows as a target.

So how many threats are there actually against Mac OS? Or more importantly, because it is a more useful metric in assessing how likely you are to be the victim of computer malware, with what frequency do new threats that can compromise the average user pop up on the Mac platform?

There are different ways to measure this, and security companies will count any small theoretical threat as finely as possible. A favorite metric of these companies is, for instance, to measure discovered vulnerabilities, which usually shows that Mac OS fares no better or worse than Windows. However, a vulnerability (often discovered by researchers in a security lab) is not the same as an actual in-the-wild malware threat. Getting from the former to the latter is where the ability, expertise and incentives of the malware authors come into play again.

My estimate is that there are no more than a handful of serious malware threats to the Mac platform a year, meaning about 3-6: real-world threats that can potentially have a meaningful negative effect on a user, and that have a reasonable chance of spreading to a reasonably large population of Mac users.

Anti-virus comes with its own problems

Still, even with that low number, why take the chance, right? Any anti-virus is better than no anti-virus regardless, right? Wrong! An anti-virus product is by its very nature intrusive to the host system, simply because it has to detect and intervene on any malicious changes. This means that it has to, for instance, work as an extra layer in all file-opening operations and all internet connection sessions, because it has to check that the file being opened is safe, and that the stream coming in from the internet doesn’t contain malware.

Those kinds of low-level operations are unfortunately fraught with problems. Not only do they usually slow down the system, but the way anti-virus products operate has become so complex, in an arms race to keep up with ever more sophisticated malware, that operational errors, or bugs, are inevitable, and so are security holes. Yes, the very product that is supposed to keep you safe has become a security risk and therefore a potential attack target for malware authors.

How big a problem is that? It’s hard to tell, but it’s a real problem; see for instance this article from Ars Technica about the problem from about a year ago.

So in the end, it comes down to weighing the benefits of having anti-virus installed against the downsides of a slower and potentially more troublesome system.

Tell 1: Attachment is a zip file. Tell 2: When you click on the ‘From’ name, the actual address is unrelated to USPS.

Some sage elvish advice

The last virus I saw for the Mac was in a lab at the University of Oslo. Around 1995. I have never had anti-virus installed after switching to Mac OS X in 2004, and I live comfortably and malware-free with that, so it should be clear which consideration I think weighs more. I am of course also an appropriately paranoid IT-head, and I take my precautions.

But so can you:

  • Don’t open links in emails without verifying that they are from the same domain the email claims to be from (hover over the link, it should display the actual URL). Also check the email spelling and be extremely skeptical of any email that asks you to update any password or credentials.
  • Check that any and all attachments in emails have an appropriate file ending. If it is a document you are supposed to read, an attachment should not have endings like .zip or .html or .js or .exe
  • Any and all dialogue boxes on your screen that suddenly (and without you recognizing them as coming from a previously installed malware protection application) say you have a security or malware or any other problem with your computer are probably just bait for you to click on them and be taken to some web page to download some malware masquerading as a fix.
  • The same is true for any tantalizing video online that asks you to first download a video player or video codec to be able to watch it. It is all just a play to get you to install something that you really really don’t want to have installed on your computer.
  • Offers in emails or online that seem too good to be true probably are. In the best case they want to collect your email to send you spam; in the worst case clicking on the link will lead you to a web page which will try to surreptitiously install malware on your computer.
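
The first two checks in the list above, plus the ‘From’ address tell from the screenshot caption, written as a small script (an added example, not part of the original post). The sample message, the `*.example` domains, the brand table and the function names are constructed for illustration.

```python
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Endings the checklist above says a document attachment should not have.
RISKY_ENDINGS = {".zip", ".html", ".js", ".exe"}
# Assumption for this example: brand name -> domain its mail should come from.
BRAND_DOMAINS = {"usps": "usps.com"}

# Constructed sample message (not a real email); *.example are placeholders.
SAMPLE = """\
From: "USPS Delivery" <notice@parcel-update.example>
Subject: Delivery failure notification
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We could not deliver your parcel: http://tracking.other-site.example/label
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Delivery-Label.zip"

placeholder bytes, not a real archive
--b1--
"""

def base_domain(host):
    # Crude: keep the last two labels (wrong for suffixes such as .co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_tells(raw):
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender = base_domain(addr.rpartition("@")[2])
    tells = [f"name says {b!r} but address is {addr}"
             for b, d in BRAND_DOMAINS.items()
             if b in display.lower() and sender != d]
    for part in msg.walk():
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() in RISKY_ENDINGS:
            tells.append(f"attachment {name!r} has a risky ending")
        elif not name and part.get_content_maintype() == "text":
            # Body text: every link host should sit under the sender's domain.
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
                host = urlparse(url).hostname or ""
                if base_domain(host) != sender:
                    tells.append(f"link goes to {host}, sender is {sender}")
    return tells
```

Calling `find_tells(SAMPLE)` returns three tells for the constructed message; a message whose links stay under the sender's own domain and which carries no risky attachment returns an empty list.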

So to end on a Tolkien note, although it might seem I, like an elf, give both yes and no as advice, it really comes down to your gut feeling. If you are worried about malware and feel insecure about your habits and (lack of) ability to operate safely online, by all means install anti-virus. If you follow the simple guidelines above, however, and generally exercise caution and common sense, I think you will be just fine without it on your Mac. Just remember that Macs, like all computer platforms, are not immune to malware, so keep informed about potential threats. An excellent way to do so is to follow this page and subscribe to the Stoneman newsletter!

Header image: © Eric Geusz http://entroz.deviantart.com/art/You-Shall-Not-Pass-330127651. Used with permission.
