Mac and Windows PC users will each claim they have the superior operating system (OS), but when it comes to security there aren’t as many differences as you would think.
Many Mac users are under the illusion that they are immune to the malware, trojans, and viruses that Windows users are susceptible to.
The advertising for Mac gives the wrong impression
Ads like these have created a misconception that Mac users don’t need to worry about security, but as Lysa Myers, the senior Security Analyst for the Mac security software company, Intego, says, “As far as attackers are concerned, Macs and PCs are the same: it’s a computer” And there is no such thing as a totally safe computer; as long as a hacker can find your computer, they can hack into it.
So why does it seem like there are never any stories about Macs getting hacked? Why do PCs always seem to be the target of any large scale cyber-attacks?
In the past, hackers have not really bothered with Mac computers simply because there weren't enough of them around. Even the latest numbers from NetMarketShare show that Macs still don’t even represent ten percent of global market share for desktop computers. With so few Macs out there, it’s just not economical for hackers to target them.
Windows PCs control the desktop computer market
And since Windows has dominated the market share for so long, there is a greater infrastructure built around hacking PCs. As Stefan Savage, a professor of computer science and engineering at the University of California, San Diego says, "there is an established ecosystem around Windows that really helps reinforce that platform's dominance [as a target], including malware-writing tools, markets to buy and sell malware, infrastructure to deploy malware and lots of open-source information on new exploitation techniques. It takes time to build that kind of community."
However, as Apple’s market share continues to grow, and Macs are used by bigger institutions, they will become more lucrative for hackers.
Recently, Mac users got a glimpse into the vulnerabilities of their OS when Palo Alto detected that the Bittorrent client, ‘Transmission,’ was infected with ransomware targeting Mac users. Any Mac users who downloaded the app also got the malicious software (or malware), named ‘KeRanger’ which seems to be the first successful ransomware attack on Mac OS.
Ransomware is a type of malware that encrypts files on a computer and locks them from being opened or accessed until a certain amount of money is paid to the hackers. In this case, the hackers demanded the victims pay one bitcoin (around $400) in order to get the encryption key, which would unlock their files.
The ransomware note has step-by-step instructions on how to release the victim’s data
All Macs have a built-in security measure called Gatekeeper, which denies any applications with malicious software from being installed. Unlike Windows, Apple approves every application that is featured on the App Store, while applications from other vendors are inspected for malware before they can be opened. If the application is deemed harmful, Mac users will get a notification, warning them about the application.Read more: Apple yanks malware from AppStore that targets non-jailbroken iPhones
KeRanger was able to bypass Gatekeeper by using a valid Apple development certificate, making it appear as if the application was already approved by Apple. When they learned about the problem, Apple took down the certification ID, and anyone who downloaded the Transmission app got this notification:
The warning users got after Apple changed the certificate for Transmission
The response from Apple was fast, but the ransomware is still being refined. Now, the hackers are attempting to encrypt the user's backup files on Time Machine too, which Mac users have used as a fail-safe to backup their files.
A few years before that, in 2013, Apple itself was attacked by a trojan called Pint-sized, which infected the computers of some Apple engineers. Security firm F-Secure claimed that hackers were trying to access codes to infect millions of smartphones.
And few years before that, in 2011, more than 600,000 Macs were infected by a trojan called Flackback, which could look through the user's data for information to steal—including credit card numbers, passwords, and other valuable information.
There are many more instances of Macs being infected by malicious software throughout its history. If you want to see a longer list of malware attacks on Macs, you can find one here.
Even with all these attacks, none of them have been big enough to convince Mac users that they need to take any preventative actions against them. If you happen to be one of the few Mac users who is worried about security, here are a few ways that you can protect yourself from being a victim of malware:
Turn On Automatic Updates
According to GoSquared, only half of Mac users have upgraded to the current OS (El Capitan), which leaves them more susceptible to attacks. It is essential for Mac users to update their OS and software because each update includes patches that help protect against the malware attacks that Apple knows about. In fact, most all of the malware examples listed above could have been prevented (or at least minimized) by turning on automatic updates.
The instructions on how to turn automatic updates can be found here.
Run antivirus software on your Macs
As detailed above, Mac users should install antivirus software on their computer just like Windows users. In fact, antivirus alone would have prevented most Mac infections listed above.
There are many options to choose from here.
Java is a cross-platform environment for running applications or “applets”. If you didn’t know what Java is, you don't need it on your computer. Most websites don't even use Java applets anymore, so you won't miss it. Plus, according to the security company, Kaspersky, Java has been the cause of half of all attacks affecting computers. The problem lies in the fact that Java doesn’t check if the content it is playing is secure, so it creates a perfect place for hackers to code in malware.
The instructions on how to remove Java can be found here.
Do not disable Gatekeeper
Even though malware can sneak past Gatekeeper with a phony Developer ID, enabling it will not hurt. It would also be best to limit downloading applications from third parties all-together. If you can find what you need on the official AppStore, it would be safer to get it from there.
Backup all your data to an External hard drive.
Time Machine is great, but to ensure that data is really secure from hackers, you can disconnect it from the network entirely. Using external hard drives is the only sure way to keep your data out of the hands of hackers; unless they are able to steal the external device itself.
It goes without saying that users also have to take some responsibilities for their own security. This means being careful about the websites you visit, and what links you click on, and what you download. Also, watch out for suspicious looking emails and attachments. It seems obvious, but even Mattel recently fell for a $3 million phishing scam, so it can happen to anyone.
If you are at all suspicious of a website, do not chance it. The easiest way to get infected with malware is to indiscriminately click on any link and open any email, regardless of how questionable they seem.
As Macs become more popular, users have to learn to protect themselves the same way Windows PC users do.
It’s only a matter of time before Mac users have to deal with being attacked, and they are not going to have the tools in place to deal with hackers. Since Apple has not invested the time, energy, or intellect that Windows has with malware prevention and security, it actually leaves Macs more vulnerable to attacks.
Pedro Bustamante, Vice President Products & New Technologies at Malwarebytes says, "Cybercriminals are on the lookout for easy targets, and nothing could be easier than capitalizing on under- or unprotected Mac systems shrouded under a false sense of invincibility."
So, it might be a good idea to take measures upon yourself before the malware hits the fan.