Mac Malware Guide : What are the threats?
Published June 17th, 2012 at 3:26 PM EDT , modified July 6th, 2015 at 5:51 PM EDT
Classes of Malware
It is very important to understand that there are, by my definition, two different kinds of malware. One is the virus: malware that is capable of infecting a machine without user interaction. Some people further divide such malware, referring to viruses (programs that must attach to other programs) and worms (programs that spread without needing to attach to other programs). I personally do not find this distinction particularly useful, and will refer to both of these as viruses. Viruses always rely on some vulnerability in the system, as all systems strive to prevent untrusted code from running by itself.
The second kind of malware is called the trojan horse (or just “trojan”, for short). This malware is named after the famous wooden horse, filled with soldiers, that the Greeks tricked the Trojans into bringing into their city. Like the Trojan horse of legend, this class of malware relies on tricking the user into downloading, installing and running it. A trojan is only dangerous if it can trick you.
Viruses are, in my eyes, by far the more dangerous kind of malware. They often rely on security holes in the system that can allow the virus to sneak in without your knowledge. A trojan, on the other hand, relies on the user intentionally running it, and thus will not easily make its way onto a careful user’s machine.
I have built a database of all known Mac malware over several years, assisted in part through collaboration with others in the Mac anti-malware community. It’s always possible that it is not complete, of course, and new malware does appear from time to time. If you discover something that is not on my list, please let me know!
Almost all of the malware that affects Macs lies firmly in the trojan category. There are a variety of “social exploits” (ie, ways to trick a human) that malware uses to get itself installed, but in the end, a wary user will probably not fall for them. The only malware to-date that cannot be placed squarely in the trojan category is malware that uses vulnerabilities in third-party software to install itself.
For the most part, there’s very little to be concerned about. Most are rare, to varying degrees between very and extraordinarily, and most of them either never were or no longer are a threat. Almost all of the ones that were real threats can be handled by anti-malware features in versions of Mac OS X starting with 10.5 (Leopard).
You may see much lengthier lists of malware on the sites of some anti-virus software vendors. In my experience, much of what appears on these lists is ancient… worrying about those things is like losing sleep for fear of dinosaur attacks. There were many more Mac viruses in the days before Mac OS X (though nowhere near the current number of Windows viruses), but none of those viruses can in any way affect a modern Mac.
Adware is software designed to display advertisements to the user, usually within the web browser, or cause redirects to a different search engine (such as Yahoo, Bing or other strange search sites like Only Search). This is different from normal ad-supported software in that the source of these ads and redirects is often a complete mystery to the user. Most anti-virus software does not actually detect adware, and when it does, it usually identifies it as a “PUA” (Potentially Unwanted Application) or “PUP” (Potentially Unwanted Program) rather than as malware. Mac OS X does not protect you at all against most adware.
Adware for the Mac always comes in the form of a trojan. It may pretend to be something the user wants (most commonly, a video plug-in or player), or it may “piggyback” on a legitimate download from an unethical site (like Softonic or Download.com). It may even be included within the installer for an app downloaded directly from the official site for a piece of software.
Adware is the biggest threat affecting Mac users today. It is easy for a careless download to result in infection, and removal can be difficult. Fortunately, adware on the Mac has never been documented to be a serious threat, stealing no personal information beyond browsing habits (in some cases), and removal can be accomplished with the aid of my Adware Removal Guide.
Third-party software issues
Some malware is empowered by third-party software. The oldest example is the Word macro “virus,” which is seeing a little bit of a comeback since Microsoft added the scripting language they relied on back to the Mac version of MS Office, but those are pretty wimpy as malware goes. Older versions of MS Office also had a vulnerability that allowed a maliciously-crafted document to install executable code on the user’s machine. Similarly, Adobe Flash, if not kept updated, is a source of potential vulnerabilities that could let malware into the system.
Worst of all is Java. Java applets are used by some websites (not many at this point) for a variety of things. Unfortunately, Java has a history of vulnerabilities that can be, and have been, used to install malware. Further, Java applets can break out of their “sandbox” and get access to your system if you grant them permission, and they have been known to trick users into doing just that in order to install malware.
|<- Table of contents||How does Mac OS X protect me? ->|