For almost as long as the Mac has existed, there has been an ongoing debate about whether Mac owners should install ‘anti-virus’ software. I put the word in inverted commas intentionally as we have moved a long way past the days of computer viruses. The broader term malware is now where we are at and it encompasses a far broader array of malicious tools used by cyber criminals. And that means we need to think differently about how we protect ourselves from online threats.
What are some of the big threats? Follow the money
For most people, the real endgame when it comes to online attacks is your money. Online criminals are no longer trying to mess up your documents or files for fun. They are looking for ways to coerce or trick you into opening your wallets.
Phishing
We’ve all received an email that looks like (or tries to look like) it’s from a bank or some other ‘trusted’ institution. The goal for criminals sending these messages is to get you to enter your username and password into a fake website so that they can then use the same credentials to access your real accounts.
Business Email and Social Media Compromise
Sometimes called email fraud, criminals try to coerce you into sending them money. A typical ploy for businesses is to send them an email that looks like it’s from a trusted source such as a customer or supplier. They’ll include an attachment that looks like a real invoice and ask you to transfer funds to their account.
On some occasions, they will pressure you into making the payment by creating some sort of perceived time pressure.
For individuals, this often happens through social media where someone will pretend to be a friend or relative and use a fake social media account to contact you and ask you to send them money because they have been robbed or are stranded overseas.
Ransomware
While computers running Windows remain the main target for criminals, there have been successful ransomware attacks against Macs. Victims are duped into clicking a link or opening an attachment that has a malicious payload. That payload is a computer program that encrypts your files. The only way to recover your files is to pay the criminals a ransom for them to provide you with a decryption key.
The ransom is usually paid with cryptocurrencies so the money can’t be followed.
Scams
While the “Nigerian Prince” scam might be well known and have been around for a long time – it predates the Internet and used to be done with letters in the post – it and other variations are still around. More recently, dating and romance scams have become more prevalent with requests for cash made in exchange for the chance of a loving relationship or sex.
What is Apple doing to protect us?
Apple has released a support document documenting how it protects users against malware. Apple has taken a four-pronged approach:
- The App Store and Notarisation: Although you are free to download and install applications for your Mac from anywhere, if you limit your app purchases to the Mac App Store, Apple scans apps and issues a ‘Notarisation ticket’ if it deems the software to be safe.
- XProtect: Apple has included built-in antivirus technology called XProtect as part of macOS since 2009. This is a signature-based tool for the detection and removal of malware. Apple monitors for new malware infections and strains and updates signatures automatically. This happens separately from system updates to help defend a Mac from malware infections, even when we are slow at updating our Macs.
- Gatekeeper: Introduced in 2021, Gatekeeper only allows trusted software to run on a Mac. This has been, in the past, called ‘whitelisting’ although that term has been recently replaced by ‘allow listing’. Gatekeeper verifies that the software is from an identified developer, is notarised by Apple to be free of known malicious content and hasn’t been altered.
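The three things Gatekeeper is described as checking can be inspected by hand with the `spctl` and `codesign` tools that ship with macOS. The script below is an added example, not taken from Apple's support document or from this article; the function names are made up for illustration and the app path is whatever you pass in.

```shell
#!/bin/sh
# Added example: map Gatekeeper's checks onto spctl/codesign results.

# Classify the text printed by `spctl --assess --type execute -vv <app>`.
# Prints: notarized, app-store, apple-system, signed-not-notarized,
# rejected or unknown.
classify_assessment() {
    out=$1
    case $out in
        *": rejected"*) echo rejected; return 0 ;;
    esac
    case $out in
        *"source=Notarized Developer ID"*) echo notarized ;;
        *"source=Mac App Store"*)          echo app-store ;;
        *"source=Apple System"*)           echo apple-system ;;
        *"source=Developer ID"*)           echo signed-not-notarized ;;
        *)                                 echo unknown ;;
    esac
}

# Check one app bundle. Returns 0 if the signature still matches the bundle
# and Gatekeeper accepts it, 1 if not, 3 if the macOS tools are missing.
gatekeeper_check() {
    app=$1
    command -v spctl >/dev/null 2>&1 || return 3
    command -v codesign >/dev/null 2>&1 || return 3

    # "Hasn't been altered": re-check bundle contents against the signature.
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "altered-or-unsigned"
        return 1
    fi

    # "Identified developer" and "notarised": ask the Gatekeeper policy.
    out=$(spctl --assess --type execute -vv "$app" 2>&1) || true
    verdict=$(classify_assessment "$out")
    echo "$verdict"
    # The origin= line names the developer certificate the app was signed with.
    printf '%s\n' "$out" | grep '^origin=' || true

    case $verdict in
        rejected|unknown) return 1 ;;
    esac
    return 0
}

# Stand-alone use: sh gatekeeper_check.sh /Applications/SomeApp.app
if [ $# -gt 0 ]; then gatekeeper_check "$1"; fi
```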
This multi-faceted approach is quite effective. But should you still run separate endpoint protection software on your Mac?
Antivirus on your Mac – yes or no?
It’s plain to see that online criminal activity is not going away and that threat actors (that’s what the security industry calls online criminals) keep changing how they operate in order to work around security tools. Apple is not a security company. And while it may do a very good job with XProtect, that tool, which is its main ‘antivirus’ service, may lag behind in being updated for the latest threats compared to companies that are solely focussed on security.
The question to ask is whether you see a risk of being attacked by a very new threat that XProtect does not yet defend against. With more people than ever using their Macs to work from home, and Mac sales ever increasing as a result of the pandemic, Apple’s computers are now a bigger target than ever before.
I won’t reveal what strategies and tools I have in place for protecting my Mac – I don’t want to give the bad guys any intelligence that could help them target me. But you need to assess your risk. How you answer these questions may help.
- Do you share files with people?
- Do you visit websites that might be associated with ‘dodgy’ practices (eg ‘free’ software, ‘adult’ services)?
- Do you carefully verify that every email that comes to you is really from who you think (this is harder to check than most people realise)?
- Do you verify every link before you click on it?
The need for endpoint protection software is about risk mitigation. For some, their working environment may put them at higher risk. For example, if you work from home and receive invoices from third parties, that means you’ll be opening lots of attachments and may not have time to check the details of every sender. In that case, endpoint protection software would make a lot of sense.
But if you rarely open attachments, and use your Mac mainly for web browsing, some email and other low-risk tasks, then Apple’s in-built protection may be good enough.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.