Checking your Mac for viruses -- wait, what?

Think I’m joking? Have a look at this screenshot, taken from my Mac during the course of writing this column:  That, my friends, is a list of 30 potentially bad things guessed it, were found on my Mac while I was running a test virus scan, one of which is a Windows virus. And, nope, I did not plan this, even though I did plan to write about this problem.

Think I’m joking? Have a look at this screenshot, taken from my Mac during the course of writing this column: That, my friends, is a list of 30 potentially bad things guessed it, were found on my Mac while I was running a test virus scan, one of which is a Windows ...

As we talked about in last week's Working Mac, you may have been led to believe that you don't have to worry about computer viruses on your Mac. And, to some extent, there's truth to that. While your Mac can definitely be infected with malware, Apple's built-in malware detection and file quarantine capabilities are meant to make it less likely that you'll download and run malicious software.

Apple introduced malware detection to the Mac OS with Snow Leopard (Mac OS 10.6). This system consists of the quarantine of any app downloaded from the Internet, the use of Code Signing certificates to verify that an app is coming from a legit source, and regular security updates that include databases of known malware targeting the Mac OS.

Because of this system, called File Quarantine and occasionally referred to as XProtect:

  • Apps in quarantine display a dialog window reminding you where the app came from and asking whether or not you're sure you want to open it.
  • Apps with no code signing certificate, depending on your Gatekeeper settings, may display a message saying the app can't be opened because of your settings. (For software you know is good you can bypass this by control-clicking the app and selecting Open from the resulting contextual menu.)
  • Apps that are known malware cannot be opened at all. You'll be met with a message offering the option to toss the app in the trash.

And this is why Macs remain mostly virus and malware free.

To make sure your Mac malware database is always up to date you'll want to verify that your Mac always automatically installs security updates and related system data files.

To do this:

  1. Open System Preferences
  2. Open the App Store preference
  3. Make sure that Automatically check for updates and Install system data files and security updates are checked.

This should keep your Mac free from most malicious software, although it's important to note that it does not make it impossible for malicious software to be installed on your Mac. There is no software that's able to catch everything. If new malware is released today and you download and run it today you will have done so before Apple's databases could have been updated. So it's always best to be wise when downloading software from unknown sources.

While it's unlikely that your Mac will run any malware, there is possibly a more pernicious issue: You Mac could become the Typhoid Mary Windows viruses, which is to say, you could be harboring viruses on your Mac that won't effect you, but can be problems for Windows users.

So, how do you keep your Mac from relaying Windows viruses to Windows users?


Why ClamXav? Because it has one job and it does it very well. It's not too intrusive. It doesn't try to do too much. If you're using Apple's Server app to host your email, it's what Apple uses to scan incoming mail for viruses.

ClamXav is, like AdWare Medic, donationware and it is fantastic. You'll find it at the Mac App Store or you can download it directly from the ClamXav Website, where you can also make a donation.

Once you've downloaded and opened the app you'll want to set the app's preferences, as the default behavior is to scan for viruses but not delete or quarantine them. ClamXav offers five configuration options:

  • General: For setting up alerts and whether or not to scan for malware and phishing in your email messages (which is where the app found infected files on my Mac)
  • Quarantine: For defining where you want to quarantine malicious files
  • Exclude Files: To specify file types you don't want scanned
  • Log Files: For setting whether or not you want log files stored and for viewing them
  • Schedule: For defining when you want the latest virus definitions downloaded and when you want scheduled scans to take place

Once you've finished your setup, click the Start Scan button and go grab some milk and cookies. Scanning may take awhile, but when it's done you'll know for sure your Mac is clean.

Join the CSO newsletter!

Error: Please check your email address.

Tags Applesecuritybeca

More about AppleMacs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeffery Battersby

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts